(57) Abstract

A cable television system provides conditional access to services. The cable television system includes a headend from which service
"instances", or programs, are broadcast and a plurality of set top units for receiving the instances and selectively decrypting the instances
for display to system subscribers. The service instances are encrypted using public and/or private keys provided by service providers or
central authorization agents. Keys used by the set tops for selective decryption may also be public or private in nature, and such keys may
be reassigned at different times to provide a cable television system in which piracy concerns are minimized.

ENCRYPTION DEVICES FOR USE IN A
CONDITIONAL ACCESS SYSTEM

Related Patent Applications

The present patent application is a continuation-in-part of the following U.S. applications,
all of which are assigned to the assignee of the present U.S. application:

U.S.S.N. 08/767,535, Robert O. Banker and Glendon L. Akins III, Preventing Replay
Attacks on Digital Information Distributed by Network Service Providers, filed 12/16/96;

U.S. Patent No. SJAlfillj Pinder, et al., Information Terminal Having Reconfigurable
Memory, filed 4/3/95;

U.S.S.N. 08/580,759, Wasilewski, et al., Method and Apparatus for Providing
Conditional Access in Connection-Oriented Interactive Networks with a Multiplicity of
Service Providers, filed 12/29/95;

U.S.S.N. 09/111,958, Seaman, et al., Mechanism and Apparatus for Encapsulation of
Entitlement Authorization in Conditional Access System, filed 7/8/98;

The present patent application also claims priority based on U.S.S.N. 60/054,575,
Wasilewski et al., Conditional Access System, filed August 1, 1997. The present
application is further one of seven applications with identical Detailed Descriptions. All
of these applications have the same filing date and all have the same assignee. The titles
and inventors of the six applications follow:

(D-3318), Wasilewski, et al., Conditional Access System, filed July 31, 1998;

(D-3373), Akins, et al., Method and Apparatus for Geographically Limiting Service in a
Conditional Access System, filed July 31, 1998;

(D-3457), Wasilewski, et al., Authorization of Services in a Conditional Access System,
filed July 31, 1998;

(D-3472), Akins, et al., Representing Entitlements to Service in a Conditional Access
System, filed July 31, 1998;

(D-2999), Pinder, et al., Verification of the Source of Program Information in a
Conditional Access System, filed July 31, 1998;

(D-3614), Pinder, et al., Source Authentication of Download Information in a Conditional
Access System, filed July 31, 1998.

Field of the Invention

The invention concerns systems for protecting information and more particularly concerns
systems for protecting information that is transmitted by means of a wired or wireless
medium against unauthorized access.

Background of the Invention

One way of distributing information is to broadcast it, that is, to place the information on
a medium from which it can be received by any device that is connected to the medium.
Television and radio are well-known broadcast media. If one wishes to make money by
distributing information on a broadcast medium, there are a couple of alternatives. A first
is to find sponsors to pay for broadcasting the information. A second is to permit access
to the broadcast information only to those who have paid for it. This is generally done by
broadcasting the information in scrambled or encrypted form. Although any device that is
connected to the medium can receive the scrambled or encrypted information, only the
devices of those users who have paid to have access to the information are able to
unscramble or decrypt the information.

A service distribution organization, for example a CATV company or a satellite television
company, provides its subscribers with information from a number of program sources,
that is, collections of certain kinds of information. For example, the History Channel is a
program source that provides television programs about history. Each program provided
by the History Channel is an "instance" of that program source. When the service
distribution organization broadcasts an instance of the program source, it encrypts or
scrambles the instance to form an encrypted instance. An encrypted instance contains
instance data, which is the encrypted information making up the program.

An encrypted instance is broadcast over a transmission medium. The transmission
medium may be wireless or it may be "wired", that is, provided via a wire, a coaxial
cable, or a fiber optic cable. It is received in a large number of set top boxes. The
function of a set-top box is to determine whether an encrypted instance should be decrypted
and, if so, to decrypt it to produce a decrypted instance comprising the information
making up the program. This information is delivered to a television set. Known set top
boxes include decryptors to decrypt the encrypted instance.

Subscribers generally purchase services by the month (though a service may be a one-time
event), and after a subscriber has purchased a service, the service distribution
organization sends the set top box belonging to the subscriber messages required to
provide the authorization information for the purchased services. Authorization
information may be sent with the instance data or may be sent via a separate channel, for
example, via an out-of-band RF link, to the set top box. Various techniques have been
employed to encrypt the authorization information. Authorization information may
include a key for a service of the service distribution organization and an indication of
what programs in the service the subscriber is entitled to watch. If the authorization
information indicates that the subscriber is entitled to watch the program of an encrypted
instance, the set-top box decrypts the encrypted instance.

It will be appreciated that "encryption" and "scrambling" are similar processes and that
"decryption" and "descrambling" are similar processes; a difference is that scrambling
and descrambling are generally analog in nature, while encryption and decryption
processes are usually digital.

The access restrictions are required in both analog and digital systems. In all systems, the
continued technological improvements being used to overcome the access restrictions
require more secure and flexible access restrictions. As more systems switch from an
analog format to a digital format, or a hybrid system containing both analog and digital
formats, flexible access restrictions will be required.

Restricting access to broadcast information is even more important for digital
information. One reason for this is that each copy of digital information is as good as the
original; another is that digital information can be compressed, and consequently, a given
amount of bandwidth carries much more information in digital form; a third is that the
service distribution organizations are adding reverse paths which permit a set-top box to
send a message to the service distribution organization, thereby permitting various
interactive services.

Thus, the service distribution organizations require …
more secure and more flexible than those in conventional systems.

Brief Description of the Drawing

FIG. 1 is a block diagram of a conditional access system;
FIG. 2A is a block diagram of the service instance encryption techniques disclosed herein;
FIG. 2B is a block diagram of the service instance decryption techniques disclosed herein;
FIG. 3 is a more detailed block diagram of the service instance encryption and
decryption techniques disclosed herein;
FIG. 4 is a block diagram of the … entitlement agents to a DHCT;
FIG. 5 is a block diagram of a digital broadband delivery system in which the
conditional access system is implemented;
FIG. 6 is a block diagram of the conditional access system in the digital
broadband delivery system of FIG. 5;
FIG. 7 is a diagram of an MPEG-2 transport stream;
FIG. 8 is a diagram of how EMMs are mapped into an MPEG-2 transport stream;
FIG. 9 is a diagram of how EMMs are mapped into an IP packet;
FIG. 10 is a diagram of how ECMs are mapped into an MPEG-2 transport stream;
FIG. 11 is a detailed diagram of an EMM;
FIG. 12 is a detailed diagram of a preferred embodiment of DHCTSE 627;
FIG. 13 is a diagram of the contents of memory in DHCTSE 627;
FIG. 14 is a diagram of how NVSCs are allocated to entitlement agents in a
preferred embodiment;
FIG. 15 is a diagram of an EAD NVSC;
FIG. 16 is a diagram of other kinds of NVSCs;
FIG. 17 is a diagram of an event NVSC;
FIG. 18 is a diagram of a global broadcast authenticated message (GBAM);
FIG. 19 is a detail of the contents of one kind of GBAM;
FIG. 20 is a diagram showing how GBAMs may be used generally to provide data
to a client application;
FIG. 21 is a diagram of a forwarded purchase message;
FIG. 22 is a diagram of the entitlement unit message in an ECM;
FIG. 23 is a diagram of a code message;
FIG. 24 is a diagram showing the relationship between TEDs and the rest of
conditional access system 601;
FIG. 25 is a detailed diagram of a TED;
FIG. 26 is an illustration of the coordinate system used for spotlight and blackout;
FIG. 27 shows how an area is computed in the coordinate system of FIG. 26;
FIG. 28 is a description of a public key hierarchy; and
FIG. 29 is a description of an EMM generator according to the present invention.

The reference numbers in the drawings have at least three digits. The two rightmost digits
are reference numbers within a figure; the digits to the left of those digits are the number
of the figure in which the item identified by the reference number first appears. For
example, an item with reference number 203 first appears in FIG. 2.

Detailed Description of a Preferred Embodiment

The following Detailed Description will first provide a general introduction to a
conditional access system and to encryption and decryption, will then describe how
service instance encoding and decoding is done in a preferred embodiment, and will
thereupon describe the techniques used in the preferred embodiment to authenticate the
ECMs and EMMs of the preferred embodiment. Next, the Detailed Description will
describe how EMMs can be used to dynamically add and remove access to services and
the role of encryption and authentication in these operations. Finally, there will be a
detailed exposition of how the techniques described in the foregoing are employed in a
broadcast data delivery system with a node structure and a reverse path from the set top
box to the head end, of how secure processors and memory are employed in the preferred
embodiment to protect keys and entitlement information, and of how certain operations
are performed in the preferred embodiment.

Conditional Access System Overview

FIG. 1 provides an overview of a system 101 for limiting access to broadcast information.
Such systems will be termed in the following "conditional access systems". A service distribution
organization 103, for example a CATV company or a satellite television company,
provides its subscribers with information from a number of services, that is, collections of
certain kinds of information. For example, the History Channel is a service that provides
television programs about history. Each program provided by the History Channel is an
"instance" of that service. When the service distribution organization broadcasts an
instance of the service, it encrypts or scrambles the instance to form encrypted instance
105. Encrypted instance 105 contains instance data 109, which is the encrypted
information making up the program, and entitlement control messages (ECM) 107. The
entitlement control messages contain information needed to decrypt the encrypted portion
of the associated instance data 109. A given entitlement control message is sent many
times per second, so that it is immediately available to any new viewer of a service. In
order to make decryption of instance data 109 even more difficult for pirates, the content
of the entitlement control message is changed every few seconds, or more frequently.

Encrypted instance 105 is broadcast over a transmission medium 112. The medium may
be wireless or it may be "wired", that is, provided via a wire, a coaxial cable, or a fiber
optic cable. It is received in a large number of set top boxes 113(0 ... n), each of which is
attached to a television set. It is a function of set-top box 113 to determine whether
encrypted instance 105 should be decrypted and if so, to decrypt it to produce decrypted
instance 123, which is delivered to the television set. As shown in detail with regard to set
top box 113(0), set top box 113 includes decryptor 115, which uses a control word 117 as
a key to decrypt encrypted instance 105. Control word 117 is produced by control word
generator 119 from information contained in entitlement control message 107 and
information from authorization information 121 stored in set-top box 113. For example,
authorization information 121 may include a key for the service and an indication of what
programs in the service the subscriber is entitled to watch. If the authorization
information 121 indicates that the subscriber is entitled to watch the program of encrypted
instance 105, control word generator 119 uses the key together with information from
ECM 107 to generate control word 117. Of course, a new control word is generated for
each new ECM 107.

The authorization information used in a particular set top box 113(i) is obtained from one
or more entitlement management messages 111 addressed to set top box 113(i).
Subscribers generally purchase services by the month (though a service may be a one-time
event), and after a subscriber has purchased a service, service distribution
organization 103 sends set top box 113(i) belonging to the subscriber entitlement
management messages 111 as required to provide the authorization information 121
required for the purchased services. Entitlement management messages (EMMs) may be
sent interleaved with instance data 109 in the same fashion as ECMs 107, or they may be
sent via a separate channel, for example via an out-of-band RF link, to set top box 113(i),
which stores the information from the entitlement management message (EMM) 111 in
authorization information 121. Of course, various techniques have been employed to
encrypt entitlement management messages 111.

Encryption and Decryption Generally

The encryption and decryption techniques used for service instance encoding and
decoding belong to two general classes: symmetrical key techniques and public key
techniques. A symmetrical key encryption system is one in which each of the entities
wishing to communicate has a copy of a key; the sending entity encrypts the message
using its copy of the key and the receiving entity decrypts the message using its copy of
the key. An example symmetrical key encryption-decryption system is the Digital
Encryption Standard (DES) system. A public key encryption system is one in which each
of the entities wishing to communicate has its own public key-private key pair. A
message encrypted with the public key can only be decrypted with the private key and
vice-versa. Thus, as long as a given entity keeps its private key secret, it can provide its
public key to any other entity that wishes to communicate with it. The other entity simply
encrypts the message it wishes to send to the given entity with the given entity's public
key and the given entity uses its private key to decrypt the message. Where entities are
exchanging messages using public key encryption, each entity must have the other's
public key. The private key can also be used in digital signature operations, to provide
authentication. For details on encryption generally and symmetrical key and public key
encryption in particular, see Bruce Schneier, Applied Cryptography, John Wiley and
Sons, New York, 1994.

The design of an encryption system for a given application m… of
considerations. As will be seen in the following, considerations that are particularly
important in the broadcast message environment include the following:

• key security: A symmetrical key system is useless if a third party has access
to the key shared by the communicating parties, and a public key system is
also useless if someone other than the owner of a given public key has access
to the corresponding private key.

• key certification: how can the recipient of a key be sure that the key he or she
has received is really a key belonging to the entity to which the recipient
wishes to send an encrypted message and not a key belonging to another entity
which wishes to intercept the message?

• message authentication: how can the recipient of a message be sure that the
message is from the party it claims to be from, and/or that the message has not
been altered?

• speed of encryption and decryption: in general, symmetrical key encryption
systems are faster than public key encryption systems and are preferred for use
with real-time data.

• key size: in general, the longer the key used in an encryption system, the more
resources will be required to break the encryption and thereby gain access to
the message.

All of the foregoing considerations are influenced by the fact that the environment in
which a conditional access system operates must be presumed to be hostile. Many
customers of broadcast services see nothing wrong with cheating the service provider and
have nothing against tampering physically with the portion of the conditional access
system that is contained in the receiver or using various cryptographic attacks to steal
keys or to deceive the receiver about the source of the messages it receives. Moreover,
the providers of the systems that actually broadcast the services do not necessarily have
the same interests as the providers of the service content … control not
only who can access a given instance of a … also what entities can offer services
to a given receiver.

Service Instance Encryption and Decryption: FIGs. 2A and 2B

In overview, the encryption system of the present invention uses symmetrical key
encryption techniques to encrypt and decrypt the service instance and public key
encryption techniques to transport a copy of one of the keys used in the symmetrical key
techniques from the service provider to the set-top box.

In FIG. 2A, clear services such as the elementary digital bit streams which comprise
MPEG-2 programs are sent through a level encryption called the Program Encrypt
function 201, which is preferably a symmetric cipher such as the well-known DES
algorithm. Each elementary stream may be individually encrypted and the resulting
encrypted streams are sent to MUX 200 to be combined with other elementary streams
and private data, such as conditional access data. The key used in the Program Encrypt
function 201 is called the Control Word (CW) 202. The CW 202 is generated by control
word generator 203, which can be either a physically random number generator or can use
a sequential counter with a suitable randomization algorithm to produce a stream of
random CWs. A new CW is generated frequently, perhaps once every few seconds, and is
applied to each elementary stream on the same time scale. Each new CW is encrypted by
Control Word Encrypt & Message Authenticate function 204 using a Multi-Session key
(MSK) 208 provided by Multi-Session Key generator 205. The CW is then combined into
an ECM 107 with other service-related information. The ECM 107 is authenticated by
Control Word Encrypt & Message Authenticate function 204, which produces a message
authentication code using a keyed-hash value derived from the message content combined
with a secret which can be shared with the receiving set-top box 113. This secret is
preferably part or all of the MSK 208. The message authentication code is appended to
the rest of the ECM 107. The CW 202 is always encrypted before being sent along with
the other parts of the ECM to MUX 200. This encryption is preferably a symmetric
cipher, such as the Triple-DES algorithm using two distinct 56-bit keys (which taken
together comprise MSK 208).

The MSK 208 has a longer lifetime than CW 202. The MSK lifetime is typically hours to
days in length. MSK 208 is both encrypted and digitally signed by MSK Encrypt &
Digital Signature function 206 before being sent to MUX 200 encapsulated in EMM 111.
MSK 208 and other parts of EMM 111 are preferably encrypted using a public key
algorithm, such as the well-known RSA algorithm, with a public key associated with the
specific set-top box 113 to which the EMM is addressed. The public keys of all set-top
boxes 113 in a system 101 are stored in Public Key Data Base 207. The public keys in
this data base are preferably certified by a certificate authority. The digital signature
function in 206 is preferably the RSA digital signature method, although others could be
used. In the case of an RSA digital signature, the private key which is used to make the
signature belongs to the entitlement agent within service distribution organization 103
responsible for authorizing the associated service.



In FIG. 2B, the corresponding DHCT private key and associated DHCT public secure
micro serial number are stored in memory 232 of decoder 240. Public secure micro serial
number is provided so that demultiplexer 230 can select an encrypted multi-session key
addressed to decoder 240 from transport data stream (TDS). Encrypted multi-session key
(MSK) is decrypted in decryptor 234 using DHCT private key from memory 232 to
provide multi-session key MSK. Demultiplexer 230 also selects from transport data
stream TDS encrypted control word (CW) E_MSK(CW). The encrypted CW is processed in
decryptor 236 using multi-session key MSK as the decryption key to provide the
unencrypted CW. The unencrypted CW preferably changes at a high rate, for example,
once every few seconds. Demultiplexer 230 also selects from transport data stream TDS
encrypted service E_CW(SERVICE). The encrypted service is processed in decryptor 238
using the CW as the decryption key to recover the unencrypt…

Detailed Implementation of the Encryption System of FIG…

FIG. 3 presents more details about a preferred implementation of the system of FIG. 2.
Encryption/decryption system 301 has two main components: service origination
component 305 and service reception component 333. The two are connected by a
transmission medium 331, which may be any medium which will carry a message from
service origination component 305 to service reception component 333. Service reception
component 333 is implemented in a set-top box, termed hereinafter a digital home
communications terminal (DHCT). It may, however, be implemented in any device which
has the necessary computation power, for example, a personal computer or work station
or an "intelligent" television set. In the service origination component, at least the portion
labeled 306 is typically implemented in equipment located at the head end of a
broadcasting system such as a cable television (CATV) or satellite TV system. In some
embodiments, however, the head end may be provided with already-encrypted instances
of the service. The remaining portion 308 may also be located at the head end, but may
also be located anywhere which has access of some kind to head end 306 and service
reception component 333. The latter is particularly the case if the EMMs are sent out of
band, for example by way of a wide-area network such as the Internet. Also, the
transmission medium may be storage media, where the service origination point is the
manufacturer of the media, and the service reception component may be the element
which reads the storage media. For example, the transmission medium can be a CD-ROM,
DVD, floppy disk, or any other medium that can be transferred, physically,
electronically, or otherwise.



Beginning with service origination portion 305, random number generator 307 is used to
generate MSK 309. Next, an EMM 315 containing MSK 309 and related information is
produced. EMM 315 also includes a sealed digest. The sealed digest has two purposes:
to ensure that the information placed in EMM 315 by service origination 305 is the same
information that arrives at DHCT 333 and to ensure that the information has in fact come
from an entity which is empowered to give access to the service.

The sealed digest is made in two stages: first, a digest of the EMM's contents (here, MSK
309 and the related information) is made by hashing the contents in a secure one-way
hash function to produce a relatively short bit string. The secure one-way hash function
has three properties:

• the contents that were hashed to produce the short bit string cannot be
determined from the short bit string;

• any change in what is hashed produces a change in the short bit string; and

• it is computationally infeasible to construct a different message which
produces the same short bit string.

The short bit string output of the hash function can thus be used to determine whether the
contents of the EMM have changed in transit without disclosing those contents. The
preferred embodiment uses the Message Digest 5 one way hash function, as indicated by
the notation MD5. For details on one-way hash functions, see the Schneier reference,
supra. The digest is a sealed digest because it is encrypted with a private key SP Kr 310
belonging to the entitlement agent (EA) that has the right to give the DHCT access to the
service for which the MSK is used to produce the key. Before the sealed digest can be
used to check whether the EMM was transmitted correctly, it must be decrypted using the
entitlement agent's public key. The sealed digest thus confirms to the DHCT both that
the contents of the EMM have been transmitted correctly and that the source of the EMM
is the entitlement agent.
Once the sealed digest is made, the contents of the EMM (here, MSK 309 and the related
information) are encrypted with the public key DHCT Ku 312 of the DHCT 333 to which
EMM 315 is addressed and EMM 315, containing the encrypted contents and the sealed
digest, is sent via transmission medium 331 to the DHCT 333. In the following, the
notation Kr is used to indicate a private key and Ku is used to indicate a public key. The
notation RSA indicates that the encryption is done using the well-known RSA public key
encryption algorithm.

As shown in DHCT 333, EMM 315 can only be decrypted by the DHCT 333 whose
private key 337 (DHCT Kr) corresponds to the public key used to encrypt EMM 315.
DHCT 333 decrypts EMM 315 and uses the sealed digest to determine whether the EMM
315 was correctly transmitted. The determination is made by using public key SP Ku 335
for the entitlement agent to decrypt the sealed digest. Then the contents of EMM 315 are
hashed using the same secure one-way hash function that was used to make the digest. If
the results of this hash are identical to the decrypted sealed digest, the determination
succeeds. The check with the sealed digest will fail if the transmission to the DHCT 333
was corrupted in transit, if DHCT 333 does not have the private key corresponding to the
public key used to encrypt the EMM (i.e., is not the DHCT 333 for which EMM 315 was
intended), or if DHCT 333 does not have public key 335 (SP Ku) corresponding to the
private key of the EA that was used to make the sealed digest. The latter will be the case
if that DHCT 333 has not been given access to the services provided by the entitlement agent.
EMMs 315 addressed to DHCT 333 are sent repeatedly; consequently, if the problem was
corruption in transit, an uncorrupted EMM 315 will be received shortly and the
determination will succeed. How DHCT 333 comes to have SP Ku 335 needed to decrypt
the sealed digest will be explained in more detail later.
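The EMM sealed-digest flow described above, as an added example that is not part of the patent text: Python with textbook RSA (no padding) through `pow()`, covering the intended DHCT and the three failure cases the paragraph lists. The demo keys built from Mersenne primes, the sample MSK and the "related information" string are constructed for illustration and are not secure key material.

```python
"""EMM sealed-digest build and check as described for FIG. 3 (added illustration)."""
import hashlib

E = 65537  # public exponent used for every demo key


def make_keypair(p, q):
    """Return ((n, e), (n, d)): a textbook RSA public/private pair from primes p, q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


# Constructed demo keys from well-known Mersenne primes; fixed for
# reproducibility and NOT secure key material.
EA_KU, EA_KR = make_keypair(2**127 - 1, 2**107 - 1)        # SP Ku / SP Kr
DHCT_KU, DHCT_KR = make_keypair(2**521 - 1, 2**607 - 1)    # DHCT Ku / DHCT Kr
_, OTHER_EA_KR = make_keypair(2**89 - 1, 2**127 - 1)       # an EA this DHCT has no key for
_, OTHER_DHCT_KR = make_keypair(2**607 - 1, 2**1279 - 1)   # a different set-top

MSK = bytes.fromhex("0123456789abcdeffedcba9876543210")   # constructed sample MSK
CONTENTS = MSK + b"|service=17|expires=1998-08-31"         # hypothetical related information


def digest_int(contents):
    """MD5 digest of the EMM contents as an integer (the text's hash choice)."""
    return int.from_bytes(hashlib.md5(contents).digest(), "big")


def build_emm(contents, ea_kr, dhct_ku):
    """Service origination: seal the digest with SP Kr, encrypt contents with DHCT Ku."""
    n_ea, d_ea = ea_kr
    n_dhct, e_dhct = dhct_ku
    sealed = pow(digest_int(contents), d_ea, n_ea)
    m = int.from_bytes(b"\x01" + contents, "big")  # 0x01 prefix keeps leading zero bytes
    if m >= n_dhct:
        raise ValueError("EMM contents too long for this demo modulus")
    return {"encrypted": pow(m, e_dhct, n_dhct), "sealed_digest": sealed}


def receive_emm(emm, dhct_kr, ea_ku):
    """DHCT side: return the EMM contents if the sealed digest checks, else None."""
    n_dhct, d_dhct = dhct_kr
    n_ea, e_ea = ea_ku
    m = pow(emm["encrypted"], d_dhct, n_dhct)                  # decrypt with DHCT Kr
    contents = m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    unsealed = pow(emm["sealed_digest"], e_ea, n_ea)           # open the seal with SP Ku
    return contents if unsealed == digest_int(contents) else None


def demo():
    """Map each case from the text to whether the DHCT accepts the EMM."""
    emm = build_emm(CONTENTS, EA_KR, DHCT_KU)
    corrupted = dict(emm, encrypted=emm["encrypted"] ^ 1)      # one bit flipped in transit
    foreign = build_emm(CONTENTS, OTHER_EA_KR, DHCT_KU)        # sealed by an EA unknown to this DHCT
    return {
        "intended DHCT": receive_emm(emm, DHCT_KR, EA_KU) == CONTENTS,
        "corrupted in transit": receive_emm(corrupted, DHCT_KR, EA_KU) is not None,
        "wrong DHCT private key": receive_emm(emm, OTHER_DHCT_KR, EA_KU) is not None,
        "no matching EA public key": receive_emm(foreign, DHCT_KR, EA_KU) is not None,
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

A deployed system would use padded RSA encryption and signatures from a vetted library rather than raw modular exponentiation; the raw form is used here only to keep the two key operations of the text visible.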

The next stage in service origination 305 is generating control word 319 used to actually
encrypt service instance 325 and generating the ECM 323 which carries the information
needed to decrypt the service instance to DHCT 333. The control word 319 is generated
by random number generator 317. This can be a true random number generator, whose
output is the result of some basic underlying random physical process, or some other
means, for example, the result of encrypting a value, called a "counter" (which increments
by one after each use) with 3DES, using the MSK as the key. In the case of a true random
number, the encrypted control word is transmitted in the ECM. In the case of the
counter-based control word generation, the clear version of the "counter" is used in the transmitted
ECM. As mentioned above, the control word is a short-term key, i.e., it has a life time of a
few seconds or less. Included in the ECM 323 is a digest of the contents plus the MSK
which is made using the MD5 one-way hash just described. The inclusion of the MSK in
making the digest gives the entitlement agent to which the ECM 323 belongs a shared
secret with the DHCTs 333 that are entitled to receive service instances from the
entitlement agent and consequently prevents "spoofing" of ECMs 323, that is, provision
of ECMs 323 from a source other than the entitlement agent. As will be seen in more
detail later, the preferred embodiment uses the shared secret technique generally to
authenticate messages which contain messages that have real-time value with regard to an
instance of a service.

ECM 323 is sent together with encrypted content 329 to DHCT 333. The first ECM 323
for a given portion of encrypted content 329 must of course arrive at DHCT 333 before
the encrypted content does. In the preferred embodiment, content 325 and ECM 323 are
encoded according to the MPEG-2 standard. The standard provides for a transport stream
which includes a number of component streams. Some of these carry content 329;
another carries the ECMs 323, and a third carries the EMMs 315. Only the streams
carrying content 329 are encrypted according to DES 329; since the control words in
ECMs 323 and the contents of EMMs 315 have already been encrypted, no further
encryption is needed when they are sent in the MPEG-2 transport stream. The manner in
which EMMs and ECMs are transported in the MPEG-2 transport stream will be
described in more detail later.

When an ECM 323 is received in DHCT 333, control word 319 is either decrypted or
found by encrypting the counter value at 343 using the MSK. The integrity of the
contents of the ECM 323 is checked by comparing the value resulting from hashing the
contents plus some or all of the MSK (based on cryptographic principles) in the one-way
hash function with the message digest contained in ECM 323. Included in the contents
are control word 319 and information identifying the service instance 325 which ECM
323 accompanies. The identifying information is used together with the authorization
information received with EMM 315 to determine whether DHCT 333 is authorized to
receive the service instance 325. If it is, control word 319 is used in service decryptor 347
to decrypt encrypted content to produce original content 325.

System 301 offers a number of advantages with regard to security. It takes advantage of
the speed of symmetrical encryption systems where that is needed to decrypt encrypted
content 329 and the control word in ECM 323. The control word is protected by
encrypting it using the MSK, and ECM 323 is authenticated by using some or all of MSK
309 as a shared secret between the entitlement agent and DHCT 333. MSK 309 is
protected in turn by the fact that it is sent in an EMM which is encrypted using the
DHCT's public key and by the fact that the EMM includes a sealed digest which is
encrypted using the entitlement agent's private key. Further security is provided by the
fact that service identification information from ECM 323 must agree with the
authorization information received in EMM 315 before control word 319 is provided to
service decryptor 347. For example, as described in detail in the Banker and Akins parent
patent application supra, one use of the information in ECM 323 and EMM 315 is to
prevent what are termed "replay attacks" on the encrypted services. In addition to being
secure, system 301 is flexible. The authorization information contained in EMM 315 and
the service identification information contained in ECM 323 together permit a wide range
of access to service instances received in DHCT 333.

Dynamic Provision of Multiple Entitlement agents to DHCT 333: FIG. 4
The use of the sealed digest in EMM 315 means that DHCT 333 will not respond to
EMM 315 unless it has a public key for the entitlement agent that has the power to give
entitlements to the service to be decrypted by the MSK in EMM 315. This is part of a
broader arrangement which makes it possible to dynamically provide DHCT 333 with one
or more entitlement agents and to dynamically remove provided entitlement agents from
DHCT 333.

The entity which provides and removes entitlement agents is called the conditional access 
authority (CAA). The arrangement further permits entitlement agents that have been 
provided to DHCT 333 to dynamically modify their authorization information in DHCT 
333. All of the information needed to perform these operations is sent via EMMs, with 
the sealed digests being used to ensure that only the CAA may add or remove entitlement 
agents and that only the entitlement agent to which authorization information belongs 
may modify the authorization information. 

The above arrangement has a number of advantages:

• It permits multiple entitlement agents.

• It permits dynamic addition and removal of entitlement agents.

• It places limits on the services to which an entitlement agent may grant
entitlements, but otherwise permits entitlement agents to manage their own
authorization information.

• It separates the business of providing entitlements to services and service
instances from the business of actually providing instances of the service;
consequently, a CATV operator may simply run as a distribution utility.

• It separates the business of giving an entity the right to be an entitlement agent
from the business of being an entitlement agent.

• It provides an easy way of permitting a customer to change entitlement agents
as he or she sees fit.

• It provides a secure arrangement whereby a DHCT 333 may communicate by
potentially the provider of the instances of the service.

FIG. 4 shows how the arrangement is implemented in a preferred embodiment. FIG. 4 is
best understood as an extension of FIG. 3. Both FIG. 4 and FIG. 3 have the same major
components: service origination 305, DHCT 333, and transmission medium 331 for
coupling the two. Further, encryptor 313 and decryptor 339 are used in both figures.
Moreover, as indicated by reference number 308, the EMMs may be either sent together
with a service instance or by another channel. FIG. 4 further shows an additional
component of DHCT 333, namely EMM manager 407. EMM manager 407 is
implemented in software executed in a secure processor in DHCT 333. The task of EMM
manager 407 is to respond to EMMs which add or remove entitlement agents and to
EMMs which modify the authorizations for an entitlement agent. EMM manager 407
further provides messages by means of which DHCT 333 may communicate with an
entitlement agent or a conditional access authority.

Initially, EMMs that modify an entitlement agent's authorization information are made in
response to modification information 403 provided by the entitlement agent or required
by the network operator. As shown at 313, the modification information is encrypted
using the public key 312 for DHCT 333 and has a sealed digest that is encrypted using the
private key 310 for the entitlement agent. The resulting authorization modification EMM
405 is sent via transmission medium 331 to decryptor 339 in DHCT 333, where it is
decrypted and checked in the manner described above for EMMs 315 containing an MSK.
The EA modification information 403 contained in the EMM goes, however, to EMM
manager 407, which uses the information to modify the authorization information for the
entitlement agent in DHCT 333. Examples of modifications include adding or canceling
services provided by the entitlement authority and changing the conditions under which
access to instances of a given service will be granted.

As indicated above, the sealed digest is encrypted using the private key of the entitlement
agent. Consequently, the validity of the EMM can only be determined if DHCT 333 has
the entitlement agent's public key. The public key for an entitlement agent is provided to
DHCT 333 by an EA allocation EMM 413 from a conditional access authority. EMM
413 contains entitlement agent allocation information 409 from the conditional access
authority; at a minimum, entitlement agent allocation information 409 contains the public
key for the entitlement agent; it may also contain information about the amount of
memory an entitlement agent may have in DHCT 333 and about classes of service that an
entitlement agent may offer. For example, the entitlement agent may not be permitted to
offer interactive services. Information 409 is encrypted with the public key 312 of DHCT
333, and the sealed digest is encrypted with private key 411 of the conditional access
authority.

In DHCT 333, EMM 413 is decrypted using private key 337 belonging to DHCT 333 and
the sealed digest is decrypted using CAA public key 415. If the digest confirms the
correctness of the contents of the EMM, EMM manager 407 allocates storage for the
entitlement agent whose public key is contained in EMM 413. That done, EMM manager
407 places the entitlement agent's public key in the storage. The storage provides a place
to store the entitlement agent's public key, the authorization information for the services
and service instances provided by the entitlement agent, and the MSKs provided by the
entitlement agent. Once DHCT 333 has the entitlement agent's public key and storage for
the entitlement agent's authorization information and MSK, EMM manager 407 can
respond to EMMs from the entitlement agent. Of course, in order to decrypt the sealed
digest, DHCT 333 must have public key 415 for the conditional access authority. As will
be explained in more detail later on, in a preferred embodiment, public key 415 and the
public and private keys for DHCT 333 are installed in DHCT 333 at the time that DHCT
333 is manufactured.

When a customer orders a service, the arrangements just described interact as follows:

1. If the service is provided by an entitlement agent for which the customer's DHCT
333 does not have the public key, the conditional access authority must first send
EA allocation EMM 413 to DHCT 333; EMM manager 407 responds by
allocating storage for the entitlement agent. Only the conditional access authority
can send EA allocation EMM 413, and consequently, the conditional access
authority (CAA) can control access by entitlement agents to customers of a
particular service distribution organization.

2. If DHCT 333 has the entitlement agent's public key, either because step (1) has
just been performed or was performed at some time in the past, the entitlement
agent sends modification EMM 405 with the authorization information for the
newly-ordered service or service instance to DHCT 333. EMM manager 407
responds thereto by storing the authorization information in the allocated space.

3. Once step (2) is done, DHCT 333 can receive EMM 315 with the MSK for the
service from the entitlement agent. EMM manager 407 stores the MSK in the
allocated space.

4. When the actual service instance is sent, it is accompanied by ECMs containing
the current control word. The MSK is used to decrypt the ECMs and the control
words obtained from the ECMs are used to decrypt the instance of the service.

The above use of EMMs and ECMs to control access to instances of a service thus
guarantees that no entitlement agent will have access to DHCT 333 without permission of
the conditional access authority and that no DHCT 333 will have access to an instance of
a service without permission of the entitlement agent for the service. It also makes it
possible for the entitlement agent to be in complete control of the service. Access to the
service is defined by the EMMs 405 and 315, and these may be sent by the entitlement
agent to DHCT 333 independently of the service distribution organization. It is
the entitlement agent which provides the MSK used to generate control words and decrypt
the ECM to both the service distribution organization and DHCT 333. Indeed, if the
entitlement agent wishes to do so, it can itself provide encrypted instances of the services
to the service distribution organization, which, in such a case, merely functions as a
conduit between the entitlement agent and DHCT 333.

Secure Transmission of Messages via the Reverse Path

FIG. 4 also shows how the techniques used to ensure the security of EMMs are also used
to ensure the security of messages sent from DHCT 333. The example shown in FIG. 4 is
a forwarded purchase message (FPM). The forwarded purchase message is used for the
interactive purchase of an instance of a service. One example of such a purchase is what
is called impulse pay-per-view, or IPPV. In such a system, the beginning event, for
example, a baseball game, is broadcast generally and customers can decide whether they
want to see all of it. In that case, they must provide input to DHCT 333 that indicates that
they wish to see the entire event. EMM manager 407 responds to the input by making the
FPM and sending it to the entitlement agent so that the entitlement agent can charge the
customer for the event and send an EMM 315 confirming that DHCT 333 may continue
to decrypt the event. The information needed by the entitlement agent is forwarded
entitlement information 417; to ensure the privacy of the customer, this information is
encrypted using the 3DES algorithm with a key 420, as shown at 343, to produce
encrypted forward entitlement information 419. The key 420 is composed of two 56-bit
DES keys. The 3DES encryption operation is a sequence of three DES operations:
encryption using the first DES key, decryption using the second DES key, and encryption
using the first DES key. Then key 420 is encrypted using the public key 335 of the
entitlement agent and the sealed digest is made using the private key of DHCT 333. All
of these parts together make up forwarded purchase message 421, which is addressed to
the entitlement agent.

At the entitlement agent, key 420 is decrypted using the entitlement agent's private key
310, and the sealed digest is decrypted using the public key 312 of the DHCT. If the
Encrypted Forwarded Entitlement Information (EFEI) 419 contained in the FPM 421 is
determined not to have been tampered with, it is passed to 3DES decryption 443, which
decrypts it using key 420 and provides forwarded entitlement information 417 to the
entitlement agent. As will be immediately apparent, the same technique, with or without
the 3DES encryption of the contents of the message, can be used to send messages to any
entity for which DHCT 333 has the public key. At a minimum, this includes the CAA
and any entitlement agent which has been allocated memory in DHCT 333.

Authentication of Global Broadcast Messages

A global broadcast message is one which is not addressed to any individual DHCT 333 or
to any group of DHCTs 333. In a preferred embodiment, global broadcast messages
accompany instances of services and contain information that pertains to the instance
they accompany. Consequently, the encryption and authentication techniques used in the
global broadcast messages must permit rapid decryption and authenticity checking. One
example of a global broadcast message is the ECM. Other examples are the different
types of global broadcast authenticated messages, or GBAMs. As with ECMs, it is
necessary to prevent global broadcast messages from being spoofed, and it is done in the
same fashion as with the ECMs. More specifically, the digest is made using some or all
of the MSK together with the content of the global broadcast message. The MSK thus
functions as a shared secret between the entitlement agent and DHCT 333. When EMM
manager 407 receives the global message, it makes a digest using the contents of the
received message and the MSK and responds to the received message only if the digest
agrees with the one contained in the message. An advantage of using a digest made with
the MSK to authenticate the global broadcast message is that the digest may be both made
and checked very quickly.
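
The shared-secret digest check described above for global broadcast messages, and earlier for ECMs arriving at DHCT 333, is sketched below as an added Python example; it is not code from the patent. The byte layout (2-byte service identifier, 8-byte counter, 16-byte digest), the function names, the sample key and the HMAC-SHA-256 stand-in for 3DES encryption of the counter are all assumptions. The digest itself is MD5 over contents plus MSK as the text describes; a present-day design would use HMAC for this purpose.

```python
import hashlib
import hmac
import struct
from typing import Optional, Set, Tuple

# Assumed layout (constructed for this example, not taken from the patent):
#   2-byte service identifier | 8-byte counter | 16-byte MD5 digest
_CONTENTS = struct.Struct(">HQ")
_DIGEST_LEN = 16


def make_digest(contents: bytes, msk: bytes) -> bytes:
    """One-way hash over the message contents plus the MSK (the shared secret)."""
    return hashlib.md5(contents + msk).digest()


def derive_control_word(counter: int, msk: bytes) -> bytes:
    """Counter-based control word.

    The text encrypts the counter with 3DES under the MSK. The standard library
    has no 3DES, so HMAC-SHA-256 truncated to 8 bytes stands in for it here.
    """
    return hmac.new(msk, struct.pack(">Q", counter), hashlib.sha256).digest()[:8]


def build_ecm(service_id: int, counter: int, msk: bytes) -> bytes:
    """Headend side: the clear counter travels in the ECM, followed by the digest."""
    contents = _CONTENTS.pack(service_id, counter)
    return contents + make_digest(contents, msk)


def process_ecm(
    ecm: bytes, msk: bytes, authorized_services: Set[int]
) -> Tuple[str, Optional[bytes]]:
    """DHCT side: authenticate first, then check entitlement, then release the key.

    The control word is returned only when the digest matches and the service
    identifier agrees with the stored authorization information.
    """
    if len(ecm) != _CONTENTS.size + _DIGEST_LEN:
        return "malformed", None
    contents, received = ecm[:_CONTENTS.size], ecm[_CONTENTS.size:]
    # Recompute the digest with the locally stored MSK; compare in constant time.
    if not hmac.compare_digest(make_digest(contents, msk), received):
        return "bad_digest", None
    service_id, counter = _CONTENTS.unpack(contents)
    if service_id not in authorized_services:
        return "not_entitled", None
    return "ok", derive_control_word(counter, msk)


if __name__ == "__main__":
    msk = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed key
    entitled = {0x0101}  # constructed authorization info, as an EMM would set it
    other = build_ecm(0x0202, 7, msk)
    samples = {
        "authentic, entitled": build_ecm(0x0101, 7, msk),
        "authentic, other service": other,
        "made without the MSK": build_ecm(0x0101, 7, b"\xff" * 16),
        "service id altered in transit": b"\x01\x01" + other[2:],
    }
    for label, ecm in samples.items():
        print(f"{label}: {process_ecm(ecm, msk, entitled)[0]}")
```

Checking the digest before parsing the service identifier means an altered message is rejected before its contents influence any entitlement decision.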

Implementation of the Conditional Access System in a Digital Broadband Delivery
System

The foregoing has described the conditional access system in terms of ECMs, EMMs, and
other messages and in terms of the manner in which the messages and their digests are
encrypted and decrypted. The conditional access system as just described will work with
any communications arrangement which permits an instance of a service to be delivered
to a DHCT together with ECMs and other broadcast messages and which permits the
DHCT to receive EMMs from a conditional access authority and one or more entitlement
agents. The conditional access system is, however, particularly well-suited for use in a
modern digital broadband delivery system, and the following will describe how the
conditional access system is implemented in such a delivery system.

Overview of the Digital Broadband Delivery System: FIG. 5

FIG. 5 provides an overview of digital broadband delivery system (DBDS) 501. DBDS
501 includes service infrastructure 503, a headend 515, a transport infrastructure 517,
hubs 519(0..n), access networks 521(0..n), and Digital Home Communications
Terminals (DHCTs) 333. The Service infrastructure consists of Value-Added-Service
Provider (VASP) systems 509, which are systems that provide services to the broadband
delivery system, the Digital Network Control System (DNCS) 507, which manages and
controls services provided by means of DBDS 501, the Administrative Gateway (AG)
505, which is a source of service provisioning and authorization information in DBDS
501, Network Management System (NMS) 511, which maintains a database of system
status and performance information, and the Core Network 513, which interconnects other
Service Infrastructure 503 components with headend 515. In a preferred embodiment,
Core Network 513 consists of ATM-based switching and transmission facilities. Headend
515 provides an interface between service infrastructure 503 and transport infrastructure
517. Transport infrastructure 517 provides a high-bandwidth interconnection from
headend 515 to hubs 519(0..n). Each hub 519(i) serves an access network 521(i), which
consists of hybrid fiber coax (HFC) nodes 523 connected via a coax bus network to
DHCTs 333. A given DHCT 333(k) in DBDS 501 thus belongs to an HFC node 532(j)
in an access network 521(i). Transport infrastructure 517 and access network 523 may
provide only a forward channel from head end 515 to a given DHCT 333(k), but
preferably provide both a forward channel and a reverse path. Each instance of a DBDS
501 generally provides service to a metropolitan area.

DBDS 501 can be implemented in a variety of configurations to fit the circumstances of a
particular service environment. For example, headend equipment may be deployed
within headend 515, within a hub 519(i), or as part of a VASP system 509. DNCS
components 506 may be deployed within headend 515 or distributed among the hubs 519.
Transport infrastructure 517 may utilize SONET add/drop multiplexing, analog fiber
technology, or other transmission technologies.

Overview of the Conditional Access System: FIG. 6 

FIG. 6 shows the components of a preferred embodiment of conditional access system
601 in DBDS 501. Conditional access system 601 is a collection of components DNCS
507, headend 515, and DHCT 333 that together provide security and conditional access
services.

The components of conditional access system 601 perform the following functions:

1. encrypting the service content

2. encrypting the control words

3. authenticating the ECMs that contain the encrypted control words

4. passing the ECMs to DHCTs

5. managing a subscriber authorization database

6. encrypting and authenticating EMMs containing subscriber entitlement
information

7. passing the EMMs to DHCTs

8. decrypting the EMMs and checking their authenticity at the DHCTs

9. responding to the EMMs by modifying entitlement information in the DHCTs

10. responding to the ECMs by authenticating them, decrypting the control word, and
checking entitlement at DHCT 333, and

11. if the ECM is authentic and the authorizations permit, decrypting the service
content.

These requirements are met by the following components of conditional access system
601:

• Stream Encryption & ECM Streamer Modules 620 in head end 515;

• Control Suite 607 in DNCS 507;

• Transaction Encryption Device 605 in head end 515, with secure link to DNCS
507;

• Service Decryptor Module 625 in DHCT 333;

• Security Manager Module 626 in DHCT 333; and

• DHCTSE 627 in DHCT 333.

FIG. 6 depicts a typical configuration of these components for securing digital services 
within DBDS 501. In the following, the components will be described in more detail. 

Service Encryption & ECM Streamer Module 620

Service Encryption and ECM Streamer (SEES) module 620 is a component of QAM
Modulator 619 that operates under direction of control suite 607 to encrypt the MPEG-2
transport stream packets that are used in the preferred embodiment to transmit
service content 325. As shown in FIG. 6, service content 325 may be received from
sources such as a digital satellite distribution system 613, a digital terrestrial distribution
system 611, or a media server 609. Media server 609 may be connected to head end 515
by a broadband integrated gateway 615. SEES 620 uses MSK 309 to generate the control
words 319 used for service encryption and creates ECMs 323 for transporting the control
words together with encrypted service content 329 within the outgoing MPEG-2
Transport Stream. SEES 620 encrypts the control words in the ECMs 323 with MSKs
309. The MSKs are generated by TED 603 and are sent to SEES 620 in encrypted form
in EMM-like messages.

DHCT 333

DHCT 333 is connected between the HFC network 521 and the customer's television set.
DHCT 333 receives and interprets EMMs, ECMs, and GBAMs and decrypts instances of
services. DHCT 333 further provides the customer interface for DBDS 501 and receives
customer input 628 from the customer. In response to the customer input, DHCT 333
may generate FPMs or other messages that travel via the reverse path to the CAA or to
EAs. In a preferred embodiment, DHCT 333 is implemented using a combination of
general purpose processors, ASICs, and secure elements (which may be implemented
discretely or integrated). For purposes of the present discussion, DHCT 333 has three
important components: service decryption module 625, security manager 626, and DHCT
secure element (DHCTSE) 627. Service decryption module 625 is preferably
implemented in an ASIC, and security manager 626 is preferably implemented in
software. DHCTSE 627 is a secure element for performing security and conditional
access-related functions.

Service Decryptor Module 625
Service decryptor module 625 is the component of DHCT 333 that decrypts the encrypted
MPEG-2 transport stream packets. Service decryptor 625 receives the control words to be
used for service decryption from DHCTSE 627. DHCTSE 627 controls which transport
stream packets are decrypted by only passing the control words for authorized services to
service decryptor 625.

Security manager 626

Security manager 626 is a software module of the DHCT that provides an interface
between applications running on DHCT 333 which use the conditional access system and
DHCTSE 627. It also coordinates processing between the service decryptor module and
DHCTSE 627.

DHCTSE 627

DHCTSE 627 stores keys, interprets EMMs and ECMs, and produces FPMs. With the
EMMs and ECMs, it does the decryption and authentication required for interpretation
and with FPMs, it makes the sealed digest and encrypts the FPM. Thus, in the preferred
embodiment, EMM manager 407 is implemented in secure element 617. In addition,
DHCTSE 627 provides encryption, decryption, digest, and digital signature services for
other applications executing on DHCT 333. Secure element (DHCTSE) 627 includes a
microprocessor and memory that only the microprocessor may access. Both the memory
and the microprocessor are contained in tamper-proof packaging. In interpreting EMMs,
DHCTSE 627 acquires and stores keys and entitlement information; in interpreting
ECMs, DHCTSE 627 uses the entitlement information to determine whether DHCT 333
receiving the ECM has an entitlement for the instance of the service which the ECM
accompanies; if it does, DHCTSE 627 processes the ECM, and provides the control word
to service decryptor module 625 in a form that it may use to decrypt or descramble
services. DHCTSE 627 further records purchase information for impulse-purchasable
services such as IPPV and stores the purchase data securely, until the data is successfully
forwarded via a forwarded purchasing message to control suite 607. DHCTSE 627
maintains MSK for the EAs, the private/public key pairs for DHCT 333, and the public
keys of the conditional access authorities and the entitlement agents.

Control Suite 607 

Control suite 607 is a member of the DNCS family of software. Control suite 607
controls the encryption of services performed by a SEES module 620 based upon input
from the DNCS broadcast control suite component. Control Suite 607 also maintains a
database of subscriber authorizations based upon transactions received from
Administrative Gateway 511. Control suite 607 generates EMMs for communicating
subscriber authorizations and other conditional access parameters to the DHCTSE 627.
Control suite 607 acts on behalf of entitlement agents. The EMMs generated by control
suite 607 for communicating subscriber authorizations and other conditional access
parameters to DHCTSE 627 are encrypted with the public keys of the DHCTs 333 to
which they are directed and are authenticated with the private key of the EA, which is
maintained by transaction encryption device (TED) 603. DHCTSE 627 maintains the
public key of the EA and uses it to confirm the authenticity of EMMs generated by
control suite 607 for the EA.

Control Suite 607 further enables the establishment of a conditional access authority
(CAA). Control suite 607 generates EA allocation EMMs 413 which pass the public key
of the EA to a DHCTSE 627. These EMMs 413 are encrypted as described above, but are
authenticated using a digital signature made with the private key of the CAA, which is
maintained by TED 603. DHCTSE 627 is pre-provisioned with the public key of the
CAA for use in confirming the authenticity of these EMMs 413.

Communications between control suite 607 and the rest of conditional access system 601
are by means of LAN interconnect devices 605 and 617. Device 605 connects Control
Suite 607 to Administrative Gateway 505, from which it receives the information
necessary to make ECMs and EMMs, and device 617 connects it to the SEES modules
620 in the QAM modulators and to QPSK modulator 621 and QPSK demodulator 623,
which are in turn connected to HFC network 521. The connection between Control Suite
607 and DHCT 333 via LAN interconnect device 617, modulator 621, demodulator 623,
and HFC network 521 implements the reverse path needed for messages such as FPM 421
and also implements a forward channel to DHCT 333. This forward channel is
independent of the forward channel used to provide the services. In conditional access
system 601, Control Suite 607 can send EMMs or broadcast messages to DHCT 333
either by the forward channel just described or by sending them together with an instance
of a service.



Transaction Encryption Device 603

Transaction Encryption Device (TED) 603 serves as a peripheral to Control Suite 607.
TED 603, under the direction of Control Suite 607, encrypts and makes sealed digests of
various conditional access system messages, including EMMs. TED 603 may also
generate and store MSKs, which are used to encrypt the control words in
the ECMs and to decrypt the control words in DHCTSE 627. TED 603 further uses the
MSKs to authenticate the global broadcast class of conditional access system
messages. Authentication is done by hashing the contents of the message together with
some or all of the MSK. TED 603 decrypts and verifies the authenticity of Forwarded
Purchase Messages 421 sent from the DHCTs 333 as well as other messages sent using
the reverse path. TED 603 maintains the private keys of the CAA and the EA and
receives from the DNCS the public keys of the DHCTs from which it receives messages.
As will be explained in more detail below, TED 603 receives the public keys from a
source that confirms the authenticity of each key. TED 603 finally makes a sealed digest
for the EMMs using the private key of the CAA and EA as appropriate for the EMM.

Using the Conditional Access System to Support Services and Programs Executing
in DHCT 333 or Service Infrastructure 507

The conditional access system can be utilized to secure the provisioning of a service or to
provide security services to programs executing on DHCT 333 or programs in Control
Suite 607. Secure service provision does not require that the DHCT programs that
support the service be secure. The reason for this is that the following may be done only
by DHCTSE 627 in DHCT 333 or by a TED 603:

• generation of the MSK;

• storage of the MSK;

• storage of the keys needed to encrypt and/or decrypt EMMs and to make and
check sealed digests;

• storage of the entitlement information received from the EAs;

• encryption and/or decryption of EMMs;

• encryption or decryption of the control word;

• provisioning of the MSK to SEES module 607 and the decrypted control word
to service decryption module 625;

• making and checking digests with shared secrets;

• making and checking sealed digests;

• confirming that a DHCT 333 is entitled to receive a service.

A program executing on DHCT 333 or a program in control suite 607 has no access to
any of the information stored in DHCTSE 627 or TED 603 and can thus do nothing with
EMMs and ECMs beyond asking DHCTSE 627 or TED 603 to generate or interpret them.
For example, when DHCT 333
627 for processing; when it receives
information contained in the ECM and stored in the DHCTSE 627 indicates that DHCT
333 is entitled to the service, DHCTSE 627 provides the decrypted control word to
service decryption module 625.

The conditional access system can also do security checking for programs generally. For
example, a program executing on DHCT 333 that requires downloaded information from
a server application may expect that a sealed digest was added to the information before it
was downloaded, and the program may use DHCTSE 627 to check the sealed digest and
determine whether the information is authentic, but it is up to the program to decide what
to do with the information when DHCTSE 627 indicates that it is not authentic.

Details of Messages in Conditional Access System 601 

In conditional access system 601, the ECM, the EMM, the FPM, and the GBAM are all
different types of conditional access messages. The conditional access messages all have
a common format, namely a header, the message itself, and a message authentication
code, or MAC. The header contains the following information:

• the type of the message, i.e., whether it is an ECM, EMM, GBAM, or
something else;

• the length of the message;

• an identifier for the conditional access system;

• an identifier for the type of security algorithm used with the message,
including encryption of the message and authentication of its contents; and

• the length of the message content.

The header is followed by the encrypted message and the MAC, which, depending on the
message type, may be a sealed digest, or a digest made with some or all of the MSK
together with the message.

In digital broadband delivery system 501, CA messages may travel either in an MPEG-2
data stream or in an IP packet, that is, a packet made according to the rules of the Internet
Protocol. Also, other transport protocols such as ATM may be used. In the preferred
embodiment, messages from control suite 607 to DHCT 333 may travel in MPEG-2 or IP
packets; messages from DHCT 333 to control suite 607 travel as IP packets on the reverse
path provided by QPSK demodulator 623 and LAN interconnect device 617. In general,
messages to DHCT 333 which are closely associated with particular instances of services,
such as ECMs and GBAMs, travel in the MPEG-2 data stream; EMMs may travel either
in the MPEG-2 transport stream or as IP packets via LAN interconnect device 617 and
QPSK modulator 621.

CA Messages in the MPEG-2 Transport Stream: FIG. 7 

FIG. 7 is a schematic representation of an MPEG-2 transport stream 701. An MPEG-2
transport stream is made up of a sequence of 188-byte long transport packets 703. The
packets 703 in the stream carry information that, when combined at DHCT 333, defines
an instance of a service and the access rights of a given DHCT 333 to the service. There
are two broad categories of information: program 709, which is the information needed to
produce the actual pictures and sound, and program specific information (PSI) 711, which
is information concerning matters such as how the transport stream is to be sent across the
network, how the program 709 is packetized, and what data is used to limit access to the
program 709. Each of these broad categories has a number of subcategories. For
example, program 709 may include video information and several channels of audio
information.

Each transport packet 703 has a packet identifier, or PID, and all of the packets 703 that
are carrying information for a given subcategory will have the same PID. Thus, in FIG. 7,
the packets carrying Video 1 all have PID (a), and the packets belonging to that
subcategory are identified by 705(a). Similarly, the packets carrying Audio 1 all have
PID (b), and the packets belonging to that category [...] A
subcategory of information can thus be identified by the PID of its packets. As shown at
output packets 707, the output from mux 704 is a sequence of contiguous individual
packets from the various subcategories. Any part or all of MPEG-2 transport stream 701
may be encrypted, except that packet headers and adaptation fields are never encrypted.
In the preferred embodiment, the sets of packets making up program 709 are encrypted
according to the DES algorithm, with the control word as a key.

Two of the subcategories are special: those identified by PID 0 (705(e)) and PID 1
(705(c)) list the PIDs of the other packets associated with the service(s) and thus can be
used to find all of the information associated with any service. The packets in PID 1
705(c) have as their contents a conditional access table 710, which lists the PIDs of other
packets that contain EMMs. One set of such packets appears as EMM packets 705(d), as
indicated by the arrow from CAT 710 to packets 705(d). Each packet 703 in packets
705(d) contains private information, that is, information which is private to conditional
access system 601. As will be explained in more detail below, private information 713,
for the purposes of this invention, is a sequence of CA messages, each of which contains
an EMM, and private information 719 is a sequence of messages, each of which contains
an ECM.



The packets in PID 0 705(e) contain a program association table which lists PIDs of
packets that are associated with a particular instance of a service. One such set of packets
is program maps packets 705(f), which contain a program map table 717 that lists,
amongst other things, the PIDs of transport packets 703 containing ECMs for the
program. One such set of packets is shown at 705(g). Each of the transport packets
contains private information 719, which in this case is a sequence of CA messages, each
of which contains an ECM.
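
The lookup described above, from the clear packet header to the PID, and from the conditional access table in PID 1 to the PID that carries EMMs, is sketched below as an added example; it is not code from the patent. The header and CA_descriptor bit layouts are taken from the MPEG-2 systems standard (ISO/IEC 13818-1) rather than from this text, the CA system identifier, PIDs and payloads are constructed, and the table is assumed to fit in one packet.

```python
import struct

TS_PACKET_SIZE = 188
CAT_PID = 0x0001           # the "PID 1" packets that carry the conditional access table
CA_DESCRIPTOR_TAG = 0x09   # CA_descriptor tag from ISO/IEC 13818-1, not from this page


def crc32_mpeg2(data):
    """CRC-32/MPEG-2: a section checked together with its CRC_32 field yields 0."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7 if crc & 0x80000000 else crc << 1) & 0xFFFFFFFF
    return crc


def parse_ts_packet(pkt):
    """Split one transport packet into its clear header fields and its payload."""
    if len(pkt) != TS_PACKET_SIZE or pkt[0] != 0x47:
        raise ValueError("not a 188-byte transport packet with sync byte 0x47")
    adaptation = (pkt[3] >> 4) & 0x3
    offset = 4
    if adaptation & 0x2:                     # an adaptation field precedes the payload
        offset += 1 + pkt[4]
        if offset > TS_PACKET_SIZE:
            raise ValueError("adaptation field overruns the packet")
    return {
        "pid": ((pkt[1] & 0x1F) << 8) | pkt[2],
        "payload_unit_start": bool(pkt[1] & 0x40),
        "scrambled": (pkt[3] >> 6) != 0,     # transport_scrambling_control bits
        "payload": pkt[offset:] if adaptation & 0x1 else b"",
    }


def parse_cat(section):
    """Return {CA_system_ID: EMM PID} from one conditional access table section."""
    if len(section) < 12 or section[0] != 0x01:
        raise ValueError("not a CAT section")
    total = 3 + (((section[1] & 0x0F) << 8) | section[2])
    if total < 12 or total > len(section) or crc32_mpeg2(section[:total]) != 0:
        raise ValueError("bad section length or CRC")
    descriptors, emm_pids, i = section[8:total - 4], {}, 0
    while i + 2 <= len(descriptors):
        tag, length = descriptors[i], descriptors[i + 1]
        body = descriptors[i + 2:i + 2 + length]
        if tag == CA_DESCRIPTOR_TAG and len(body) >= 4:
            ca_system_id, pid_field = struct.unpack(">HH", body[:4])
            emm_pids[ca_system_id] = pid_field & 0x1FFF
        i += 2 + length
    return emm_pids


def survey_stream(stream):
    """Report the EMM PIDs announced by the CAT and which PIDs carry scrambled packets."""
    emm_pids, scrambled, counts = {}, set(), {}
    for start in range(0, len(stream) - TS_PACKET_SIZE + 1, TS_PACKET_SIZE):
        pkt = parse_ts_packet(stream[start:start + TS_PACKET_SIZE])
        counts[pkt["pid"]] = counts.get(pkt["pid"], 0) + 1
        if pkt["scrambled"]:
            scrambled.add(pkt["pid"])
        if pkt["pid"] == CAT_PID and pkt["payload_unit_start"] and pkt["payload"]:
            pointer = pkt["payload"][0]      # pointer_field: offset to the section start
            emm_pids.update(parse_cat(pkt["payload"][1 + pointer:]))
    return {"emm_pids": emm_pids, "scrambled_pids": scrambled, "packets_per_pid": counts}


def make_packet(pid, payload, start=False, scrambling=0):
    """Build a constructed packet: payload only, continuity counter 0, 0xFF stuffing."""
    header = bytes([0x47, (0x40 if start else 0) | (pid >> 8), pid & 0xFF,
                    (scrambling << 6) | 0x10])
    return header + payload.ljust(TS_PACKET_SIZE - 4, b"\xff")


def build_sample_stream():
    """Constructed sample: one CAT packet, two EMM packets, three scrambled video packets."""
    descriptor = bytes([CA_DESCRIPTOR_TAG, 4]) + struct.pack(">HH", 0x1234, 0xE000 | 0x01F0)
    length = 5 + len(descriptor) + 4         # bytes after section_length, CRC included
    section = bytes([0x01, 0xB0 | (length >> 8), length & 0xFF, 0xFF, 0xFF, 0xC1, 0, 0])
    section += descriptor
    section += struct.pack(">I", crc32_mpeg2(section))
    cat = make_packet(CAT_PID, b"\x00" + section, start=True)
    emm = make_packet(0x01F0, b"constructed CA_PRIVATE_SECTION bytes")
    video = make_packet(0x0100, b"constructed encrypted video payload", scrambling=2)
    return cat + emm + video * 3 + emm


if __name__ == "__main__":
    print(survey_stream(build_sample_stream()))
```

Because the header is never encrypted, the receiver can route EMM packets to the secure element by PID alone, without holding any key.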


FIG. 8 shows in detail how EMMs are carried in transport packets 703. The payload
space 719 in the packets carries data from a CA_PRIVATE_SECTION layer 803, which
in turn contains a sequence of CA messages 805, each of which contains an EMM 807.
In the sets of packets 705(g) carrying ECMs, the control words in the ECMs are encrypted
using the 3DES algorithm with the MSK as key; in the sets of packets 705(d) carrying
EMMs, the EMMs are encrypted using the public key of DHCT 333 for which they are
intended. As will be immediately apparent, the techniques just described can be employed
to transmit any CA message 805 as part of an MPEG-2 transport stream.

Mapping CA Messages into IP Protocol Packets: FIG. 9

FIG. 9 shows how EMMs are mapped into the Internet Protocol (IP) packets used to
communicate between control suite 607 and DHCT 333 via LAN device 617 and QPSK
modulator 621 and demodulator 623. An IP packet 903 is a variable-length packet that
consists simply of a header and a payload. The header contains source and destination IP
addresses for the packet. With an EMM, the source address is the IP address of the CA or
EA, and the destination address is the IP address of DHCT 333. In the preferred
embodiment, the IP address of DHCT 333 is constructed using its serial number. The IP
addresses in DBDS 501 are partitioned by HFC node 523. The payload of the IP packet is
a packet 905 belonging to the User Datagram Protocol (UDP) which has as its payload a
CA_PRIVATE_SECTION 803, which in turn contains a sequence of CA messages 805,
each of which contains an EMM 807.

ECM Structure Details: FIG. 10 

FIG. 10 shows details of the structure of an ECM 1008 and shows the mapping 1001 from
an ECM 1008 to a set 705(e) of MPEG-2 transport packets 703. As before, the data of a
CA_PRIVATE_SECTION 803 is carried in a set of MPEG-2 transport packets 703 with
the same PID. The data is a header 1003 for private section 803 and a sequence of CA
messages 805, each of which includes a CA message header 1005, a CA ECM message
1007, and an ECM MAC 1013. CA ECM message 1007 and ECM MAC 1013 together
make up ECM 1008.

FIG. 10 also shows how the control word is protected in ECM 1008 and how ECM MAC
1013 is produced. The control word is a random value that is either encrypted using
3DES encryption or created by encrypting a counter value using 3DES encryption, using
the MSK as the key. In either case, the preferred embodiment calls for an MSK which is
made up of two 56-bit DES keys, and the 3DES encryption operation is a sequence of
three DES operations: encryption using the first DES key, decryption using the second
DES key, and encryption using the first DES key. The control word, too, may have even
or odd parity. As shown at 1013, the odd control word (after suitable encryption)
becomes part of ECM_entitlement_unit_message 1011, and, in its non-encrypted form, is
used together with some or all of the MSK as input to the MD5 one-way hash function to
produce ECM MAC 1013. The same procedure is used with the even-parity control
word. The contents other than the control word of ECM_entitlement_unit_message 1011
will be examined in more detail later.

EMM Structure Details: FIG. 11

FIG. 11 shows a CA message 805 which contains an EMM 1112. CA message 805 has a
header 1003, a CA EMM message 1101, and a sealed digest 1103. CA EMM message
1101 consists of CA EMM message header 1105, EMM message 1107, and CRC error
detection code 1109. EMM message 1107 in its turn contains EMM header 1113 and
EMM_inside_data 1115. EMM_inside_data 1115 is encrypted using the public key of the
DHCT 333 for which it is intended. The data which is encrypted is EMM data 1129,
which in turn is made up of EMM_inside_header 1123 and EMM command_data 1125
together with padding 1127. EMM data 1129 is also input to the MD5 one-way hash
function to produce EMM MAC 1119, and sealed digest 1103 is made by encrypting
EMM_signing_header 1117, EMM MAC 1119, EMM_signing_header 1117, and padding
1121 with the private key of either an entitlement agent or a conditional access authority,
depending on what kind of EMM it is.

The EMM_signing_header is information from the EMM_inside_header. This
information is particularly sensitive and is consequently encrypted by both the public key
of DHCT 333, for privacy reasons, and the private key of the entitlement agent or the
conditional access authority, to apply a digital signature. Upon reception, and after the
privacy decryption, if the signature verification fails, the EMM is discarded by DHCT
333. Included in this information are an ID for the conditional access system, the type of
the CA message, the serial number of the microprocessor in the DHCT's DHCTSE 627,
an identifier for the CAA or EA which is the source of the EMM, an indication of which
of the three public keys for the CAA in DHCT 333's secure element is to be used to
decrypt the sealed digest, and an indication of the format of the EMM. The contents of
EMM command_data 1125 will be explained in more detail in the discussion of the
operations performed using EMMs.

Details of DHCTSE 627: FIGs. 12-14

DHCTSE 627 has five main functions in conditional access system 601:

• It securely stores keys including the public and private keys for DHCT 333,
public keys for the CAA, public keys for EAs from which DHCT 333 is
authorized to receive services, and MSKs provided by those EAs.

• It securely stores entitlement information sent by the EAs.

• It decrypts, authenticates, and responds to EMMs.

• It decrypts the control words in the ECMs, authenticates the ECMs, and when
DHCT 333 is authorized to receive the service instance to which the ECM
belongs, it provides the control word to service decryptor 625.

• It provides encryption, decryption, and authentication services to applications
running on DHCT 333.

DHCTSE 627 includes a microprocessor (capable of performing DES), specialized
hardware for performing RSA encryption and decryption, and secure memory elements.
All of the components of DHCTSE 627 are contained in a single tamper-proof package,
such as a package in which the information contained within is destroyed upon an
attempt to access it. Only the components of DHCTSE 627 have access to the
information stored in the secure memory elements. Any attempt by a user to gain access
to any of the parts of DHCTSE 627 renders DHCTSE 627 unusable and its contents
unreadable. DHCTSE 627 may be an integral part of DHCT 333 or it may be contained
in a user-installable module such as a "smart card". The user "personalizes" the DHCT
333 by installing the module in it.

FIG. 12 provides an overview of the components of DHCTSE 627. As shown, the
components of DHCTSE 627 are all connected to a bus 1205. Beginning with interface
1203 to the general purpose processor upon which applications execute in DHCT 333,
interface 1203 permits passage of data between the remaining components of DHCT 333
and DHCTSE 627, but does not permit components in the remainder of DHCT 333 to
address and read the contents of secret values in DHCTSE 627.
Microprocessor 1201 executes the code for doing encryption, decryption, and
authentication and interpreting EMMs and ECMs; RSA hardware 1217 is special
hardware performing the calculations involved with RSA encryption and decryption.
Memory 1207 contains the code executed by microprocessor 1201, the keys, and the
entitlement information. In a preferred embodiment, there are two kinds of physical
memory in memory 1207: ROM 1219, which is read-only memory whose contents are
fixed when DHCTSE 627 is manufactured, and non-volatile memory (NVM) 1209, which
can be read and written like normal random-access memory, but which retains its current
values when DHCTSE 627 is without power. Non-volatile memory 1209 is organized as
a set of non-volatile storage cells (NVSCs) 1211(0..n), as described in U.S. Patent
5,742,677, Pinder, et al., Information Terminal Having Reconfigurable Memory, filed 3
April 1995.

As will be explained in greater detail below, code executing in microprocessor 1201
dynamically allocates NVSCs 1211 to entitlement agents. In the preferred embodiment,
NVM 1209 is used for the storage of information which can be rewritten by means of
EMMs, and ROM 1219 is used for code which will not change during the life of
DHCTSE 627.

FIG. 13 is a schematic overview of the contents of memory 1207 in DHCTSE 627. The
memory is divided into two main parts: read-only storage 1301, which contains code and
other information that does not change as a result of the interpretation of EMMs, and
NVA storage 1303, which is non-volatile storage that changes as a result of the
interpretations of EMMs. RO storage 1301 contains code 1305.



Code 1305 falls into four categories: code 1307 for the encryption, decryption, and
authentication operations performed by DHCTSE 627, code for interpreting EMMs 1313,
code for interpreting ECMs 1321, and code for handling other CA messages such as the
FPM and the GBAM. Code 1307 includes code 1308 for the MD5 one-way hash
algorithm, the code 1309 for the RSA public key algorithm, and the code 1311 for the
3DES algorithm. EMM code 1313 falls into three classes: code 1315 which interprets
EMMs received from a conditional access authority, code 1317 which interprets EMMs
employed by the entitlement agents to configure the storage allocation they receive from
the CAA, and code 1319 which interprets EMMs containing MSKs and entitlements.
Code 1315, 1317 and 1319 thus implements EMM manager 407 in a preferred
embodiment. The code for interpreting ECMs 1321 decrypts the control word contained
in the ECM and checks whether DHCT 333 is permitted to access the instance of the
service that the ECM accompanies; if so, the code provides the decrypted control word to
service decryption module 625. The code for other CA messages 1323 deals with
messages such as the FPM and GBAM.

NVA storage 1303 has two main components: administrative storage 1330 and EA
storage 1331. Administrative storage 1330 contains DHCT keys 1325, CAA keys 1329,
and CAA data 1330. Beginning with DHCT keys 1325, each DHCT 333 has two public-
private key pairs. The public key of one of the pairs serves as the public key used to
encrypt EMMs sent to DHCT 333, and the private key is used in DHCT 333 to decrypt
the messages; the private key of the other of the pairs is used to encrypt the sealed digests
of messages sent by DHCT 333, and the public key is used by other network elements to
decrypt the sealed digests of messages received from DHCT 333. The pairs of keys are
installed in DHCTSE 627 when DHCTSE 627 is manufactured.

In a preferred embodiment, the manufacturer of DHCT 333 maintains a certified database
which has the serial number of each DHCT together with the pair of public keys
belonging to it. When a CAA or EA wishes to begin sending EMMs to a DHCT 333, it
sends a message to control suite 607 with the serial number of the DHCT. Control suite
607 responds to the request by requesting the public key for the DHCT from a database
maintained by the manufacturer of DHCT 333. The database responds to the message by
sending control suite 607 certified copies of the public keys for the DHCT. The
manufacturer thus functions as the certification authority for the keys. Control suite 607
stores the public keys in a database of its own. For details on key certification, see
Schneier, supra, pages 425-428. Getting the public keys for the DHCT from the
manufacturer has two advantages: first, it solves the problem of certifying the keys;
second, because the public keys come from the manufacturer and not from DHCT 333,
there is no requirement in conditional access system 601 that DHCT 333 have a reverse
path to control suite 607.

CAA keys 1329 are public keys for the conditional access authority. In a preferred
embodiment, CAA keys 1329 include three public keys for the conditional access
authority. These keys are originally installed when DHCTSE 627 is manufactured, but
may be changed in response to EMMs, as will be explained in more detail below. CAA
data 1330 includes parameters used by the CAA in managing EA storage 1331 and maps
which map NVSCs belonging to particular entitlement agents to 8-bit names and thereby
permit the CAA and the entitlement agents to manipulate the NVSCs 1211 by name.

Entitlement agent 1331 has EA information 1331 for each entitlement agent from which
DHCT 333 containing DHCTSE 627 can obtain services. The CAA uses EMMs to
allocate NVSCs 1211 for an entitlement agent and the entitlement agent then uses EMMs
to set the contents of its entitlement agent information 1333.

FIG. 14 shows how NVSCs 1211 are organized into EA storage 1331 in a preferred
embodiment. There are two kinds of NVSCs 1211: "skinny" NVSCs, as shown at 1405,
and "fat" NVSCs, as shown at 1409. A fat NVSC is made up of a number of skinny
NVSCs. The storage 1403, which contains the three CAA public keys, also contains two
pointers: one, 1402, to a free list 1407 of unallocated skinny NVSCs and the other, 1404,
to an entitlement agent list 1406 of allocated fat NVSCs 1409. There is such a fat NVSC
1409(i) for each entitlement agent from which DHCT 333 may receive services. Each of
these NVSCs 1409(i) may also have a list 1411 of NVSCs, which may be skinny NVSCs
1405, fat NVSCs 1409, or a combination of both. A given NVSC 1409(i) and its list of
skinny NVSCs make up EA information 1333(i) for an EA. The fat NVSC 1409 is an EA
descriptor. As shown at 1333(i), the skinny NVSCs 1411 contain information for the
services provided by the entitlement agent such as an MSK for a service, a bit map of
entitlement information, and information needed for interactive services such as IPPV.

Control of NVA Storage 1303
In a preferred embodiment, allocation [...] may be
ultimately controlled by either the CAA or [...]. When the CAA controls
allocation and de-allocation, the CAA, usually representing the [...] 501,
negotiates with each of the entitlement agents and agrees on an allocation of the various
types of NVSCs for that entitlement agent. EA administrative code 1317 checks when it
is interpreting EMMs from an entitlement agent to ensure that the entitlement agent does
not use more NVSCs of each type than those allocated to it.

When DHCTSE 627 controls NVA storage 1303, the operator of the CAA negotiates with
each of the service providers and agrees on the allocation of storage needed for the
services provided. The CAA then sends an encrypted message to the entitlement agent.
The encrypted message contains the allocation based on data types, and the entitlement
agent prevents the service provider from asking for more resources than were negotiated.
If DHCTSE 627 nevertheless receives requests for storage area above what is available in
NVA 1303, it indicates to the user of DHCT 333 via the user interface that no more
storage is available and requests the user to either remove some service provider resources
or to rescind the request.

Details of Operations Specified by EMMs

In the following, examples of operations specified by EMMs will be given, beginning
with changing a CAA public key, continuing through establishing an EA in DHCTSE
627, and ending with providing entitlement information for broadcasts, events, and
interactive services. In the preferred embodiment, a single CAA controls the allocation of
EA storage 1331 to entitlement agents. In other embodiments, there may be more than
one CAA. There are two kinds of entitlement information: that for broadcast services and
that for interactive services. Storage for broadcast entitlements is more permanent than
that for interactive entitlements.

The amount of memory 1207 in DHCTSE 627 is limited. The CAA manages this scarce
resource and allocates it to the entitlement agents from which DHCT 333 receives
services. Different EAs may have different amounts of storage area allocated, depending
on their needs. Once an EA has received an allocation from the CAA, the EA may
configure the storage area within limits defined by the CAA. Different [...]
different limits and different types of limits. At one extreme, the CAA only restricts the
total number of NVSCs 1211 that an EA may have in its EA information 1333. The CAA
may make tighter restrictions by limiting the types of NVSCs and/or the number
of each type. In this way, the CAA can prevent the EA from offering specific kinds of
services and can limit the amount of such services offered, i.e., the amount of time that
such services are offered.

When a CAA allocates fat and skinny NVSCs 1211 for an EA, it gives each allocated
NVSC 1211 a "name", i.e., each NVSC 1211 has an identifier, such as an 8-bit identifier,
that the CAA associates with the EA for which it has allocated the NVSCs 1211. The
CAA and the EA use the name for the NVSC 1211 to refer to it in EMMs that manipulate
the NVSC. An NVSC's name need not have anything to do with its physical location in
NVM 1209. Since the name space is 8-bits wide, the names are assigned using a 256-bit
map. If an entitlement agent has the name of an NVSC, it may make the NVSC into any
type of NVSC as long as the type is one that is permitted for the EA and as long as the
total number of NVSCs of the type belonging to the EA does not exceed the limit set by
the CAA that authorized the EA.

Once the CAA has allocated the EA storage area in the DHCTSE, it is up to the EA to
configure the storage area. The first step is to load certain parameters such as a PIN into a
descriptor for the EA. The second step is to determine which types of NVSCs are to be
used for the protected services to be offered. The names allocated by the CAA are then
distributed among the various types of NVSCs. Lastly, each NVSC is loaded by sending
the appropriate EMM.

Addressing EMMs 

In the conditional access layer, EMMs are addressed to a specific DHCTSE 627, indexed
by CAA or EA. This indexing is taken care of in EMM header 1113, which includes a
unique identifier for the CAA or EA that is the source of the EMM, and that therefore is
associated with the private key used to make the EMM's sealed digest. The EMM header
also includes the serial number for DHCTSE 627. The DHCTSE 627 responds only to
those EMMs that include its serial number. When a CAA is the source of the EMM, there
is also a value in the header indicating which of the CAA public keys is the public key for
the source of the message. [...]
protocols, which may include other addressing mechanisms.
DHCTSE 627 ignores EMMs that are addressed to a CAA or EA that is not "known" by
DHCTSE 627 (i.e., EMMs for which there is no CAA corresponding to the CAAID or EA
that corresponds to the EAID). As will be explained in more detail below, information
about individual entitlements is contained in NVSCs 1211 for the entitlements. Each of
these NVSCs has a type, and an EA may change the type or contents of an NVSC 1211
by sending an EMM which specifies the name of the NVSC 1211 to be altered. DHCTSE
627 will alter the NVSC 1211 as indicated in the EMM unless the entitlement agent does
not have an NVSC with that name or the change violates a constraint set by the CAA. In
those cases, the EMM is ignored by DHCTSE 627. Conditional access system 601 does
not require that digital broadband delivery system 501 have a reverse path, or, if one
exists, that any bandwidth on the reverse path be available to the EMM conditional access
function. Consequently, DHCT 333 does not return any acknowledgment, confirmation,
or error messages in response to an EMM. Therefore, the CAA or EA that is the source
of an EMM should track the allocations of NVSCs 1211 and send only EMMs that
request legal operations. In other embodiments, a reverse path may be required, and for
these embodiments, the reverse path can be used for acknowledgment or error messages.
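
Because an illegal EMM is dropped without any reply, the sender has to keep its own copy of the allocation state. The following added example (not code from the patent) models the name map, the per-type limits and the silent discard, and shows an EA-side shadow copy that applies the same checks before transmission; the NVSC type names, limits, EAID, serial numbers and the dictionary used as an EMM are constructed for illustration.

```python
from collections import Counter


class EAAllocation:
    """Per-EA state set up by the CAA: a 256-bit name map plus per-type limits."""

    def __init__(self, eaid, names, type_limits):
        self.eaid = eaid
        self.name_map = 0
        for name in names:
            self.name_map |= 1 << name         # one bit per 8-bit NVSC name
        self.type_limits = dict(type_limits)   # permitted types and their maximum counts
        self.cell_types = {}                   # name -> current type of a configured NVSC

    def violation(self, name, new_type):
        """Return why a 'set NVSC type' request is illegal, or None if it is legal."""
        if not 0 <= name <= 255 or not (self.name_map >> name) & 1:
            return "name not allocated to this EA"
        if new_type not in self.type_limits:
            return "type not permitted for this EA"
        in_use = Counter(self.cell_types.values())
        if self.cell_types.get(name) != new_type and in_use[new_type] >= self.type_limits[new_type]:
            return "limit for this type reached"
        return None

    def apply(self, name, new_type):
        self.cell_types[name] = new_type


class DHCTSEModel:
    """Receiver side: applies legal EMMs and drops the rest without any reply."""

    def __init__(self, serial, allocations):
        self.serial = serial
        self.eas = {a.eaid: a for a in allocations}
        self.audit = []    # internal record only; nothing is sent back to the headend

    def receive(self, emm):
        ea = self.eas.get(emm["eaid"])
        if emm["serial"] != self.serial:
            reason = "addressed to another DHCTSE"
        elif ea is None:
            reason = "unknown EAID"
        else:
            reason = ea.violation(emm["name"], emm["type"])
            if reason is None:
                ea.apply(emm["name"], emm["type"])
        self.audit.append(reason or "applied")
        return None        # no acknowledgment, confirmation, or error message


class EntitlementAgentHeadend:
    """Sender side: tracks allocations in a shadow copy and sends only legal EMMs."""

    def __init__(self, serial, shadow):
        self.serial, self.shadow, self.sent = serial, shadow, []

    def request(self, name, new_type):
        reason = self.shadow.violation(name, new_type)
        if reason:
            return reason                      # caught before transmission
        self.shadow.apply(name, new_type)
        emm = {"serial": self.serial, "eaid": self.shadow.eaid, "name": name, "type": new_type}
        self.sent.append(emm)
        return emm


def run_demo():
    limits = {"MSK": 2, "ENTITLEMENT_BITMAP": 1}   # constructed type names and limits
    names = [3, 7, 200]                            # constructed NVSC names from the CAA
    se = DHCTSEModel(0x5151, [EAAllocation(0x21, names, limits)])
    ea = EntitlementAgentHeadend(0x5151, EAAllocation(0x21, names, limits))
    outcomes = [ea.request(3, "MSK"), ea.request(7, "MSK"), ea.request(200, "MSK"),
                ea.request(200, "IPPV_EVENT"), ea.request(9, "ENTITLEMENT_BITMAP"),
                ea.request(200, "ENTITLEMENT_BITMAP")]
    for emm in ea.sent:
        se.receive(emm)
    # EMMs sent without consulting the shadow copy are dropped with no feedback.
    blind = [{"serial": 0x5151, "eaid": 0x21, "name": 9, "type": "MSK"},
             {"serial": 0x5151, "eaid": 0x99, "name": 3, "type": "MSK"},
             {"serial": 0x7777, "eaid": 0x21, "name": 3, "type": "MSK"}]
    replies = [se.receive(emm) for emm in blind]
    in_sync = se.eas[0x21].cell_types == ea.shadow.cell_types
    return outcomes, se.audit, replies, in_sync


if __name__ == "__main__":
    for part in run_demo():
        print(part)
```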

Changing a CAA

As previously indicated, a CAA is represented in DHCTSE 627 by its public key. Three
public keys for the CAA are installed in DHCTSE 627 when it is manufactured. A need
may occasionally arise to change the CAA of DHCTSE 627. One circumstance under
which such a need would arise would be if the private key for the CAA had been
compromised; another would be if a new entity has taken over the function of authorizing
entitlement agents. That might happen, for example, as a consequence of the sale of all or
part of a DBDS 501.

Any one of the public keys for a CAA can be replaced by means of a sequence of two
EMMs, the first of which has a sealed digest encrypted with the private key
corresponding to a first one of the other two public keys, and the second of which has a
sealed digest encrypted with the private key corresponding to the second one of the other
two private keys. Each of the two EMMs contains an identifier, the CAAID for the new
CAA, a key select value indicating which of the three CAA public keys is to be replaced,
and the public key for the new CAA. After the first EMM is successfully authenticated
by DHCTSE 627 by verifying the digital signature applied by the first CAA key,
DHCTSE 627 computes a MD5 hash of the new CAA public key in this first EMM and
stores it. After the second EMM is successfully authenticated by the DHCTSE by
verifying the digital signature applied by the second CAA key, the DHCTSE computes a
MD5 hash of the new CAA public key included in this second EMM. This second hash is
compared with the first. If the hashes are identical, the new CAA public key and CAAID
are substituted for the public key and CAAID of the CAA specified by the key select
value. A single CAA public key must not be changed twice without one of the other two
CAA public keys being changed in between.
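
The two-EMM replacement rule above, together with the sealed digest described under "EMM Structure Details", is modelled in the following added example; it is not code from the patent. It uses unpadded textbook RSA over toy keys built from well-known Mersenne primes purely so that the example runs offline. The EMM layout, the CAAID values, the choice to keep a pending first EMM when a later one is discarded, and the enforcement of the "not twice in a row" rule inside the secure element are assumptions.

```python
import hashlib
import hmac

E = 65537   # public exponent shared by every toy key below


def make_key(caaid, p, q):
    """Toy RSA key pair from two known primes (constructed; unsuitable for real use)."""
    return {"caaid": caaid, "n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def md5_int(data):
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def emm_body(caaid, key_select, new_n):
    return f"{caaid}|{key_select}|{new_n}".encode()


def make_key_change_emm(new_key, key_select, signer_index, signer_key):
    """Headend side: seal the MD5 digest of the EMM body with the signer's private key."""
    body = emm_body(new_key["caaid"], key_select, new_key["n"])
    return {"caaid": new_key["caaid"], "key_select": key_select, "new_n": new_key["n"],
            "signer": signer_index,
            "sealed_digest": pow(md5_int(body), signer_key["d"], signer_key["n"])}


class SecureElement:
    """Holds three CAA public keys and applies the two-EMM replacement rule."""

    def __init__(self, caa_keys):
        self.caa = [{"caaid": k["caaid"], "n": k["n"]} for k in caa_keys]  # public parts
        self.pending = None         # first authenticated EMM of a replacement sequence
        self.last_replaced = None   # slot changed most recently

    def handle_key_change(self, emm):
        select, signer = emm["key_select"], emm["signer"]
        if select not in range(3) or signer not in range(3) or signer == select:
            return "ignored"        # must be sealed with one of the other two keys
        if select == self.last_replaced:
            return "ignored"        # same slot twice with no other change in between
        body = emm_body(emm["caaid"], select, emm["new_n"])
        if pow(emm["sealed_digest"], E, self.caa[signer]["n"]) != md5_int(body):
            return "ignored"        # sealed digest does not verify: discard
        key_hash = hashlib.md5(str(emm["new_n"]).encode()).digest()
        first = self.pending
        if first is None or first["select"] != select or first["signer"] == signer:
            self.pending = {"select": select, "signer": signer, "hash": key_hash}
            return "pending"
        self.pending = None
        if not hmac.compare_digest(first["hash"], key_hash):
            return "ignored"        # the two EMMs carried different new keys
        self.caa[select] = {"caaid": emm["caaid"], "n": emm["new_n"]}
        self.last_replaced = select
        return "replaced"


M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1   # Mersenne primes
CAA = [make_key(0xA0, M61, M89), make_key(0xA1, M61, M107), make_key(0xA2, M89, M107)]
NEW = make_key(0xB0, M61, M127)
OTHER = make_key(0xEE, M89, M127)


def legitimate_rollover():
    """Replace key 2 with EMMs sealed by keys 0 and 1, then try slot 2 again at once."""
    se = SecureElement(CAA)
    results = [se.handle_key_change(make_key_change_emm(NEW, 2, 0, CAA[0])),
               se.handle_key_change(make_key_change_emm(NEW, 2, 1, CAA[1])),
               se.handle_key_change(make_key_change_emm(OTHER, 2, 0, CAA[0]))]
    return results, se.caa[2]["caaid"]


def one_private_key_only():
    """With only private key 0 available, the replacement of key 1 never completes."""
    se = SecureElement(CAA)
    results = [se.handle_key_change(make_key_change_emm(OTHER, 1, 0, CAA[0])),
               se.handle_key_change(make_key_change_emm(OTHER, 1, 0, CAA[0])),
               se.handle_key_change(make_key_change_emm(OTHER, 1, 2, CAA[0]))]
    return results, se.caa[1]["caaid"]


def mismatched_new_keys():
    """Both EMMs authenticate but carry different new keys: nothing is replaced."""
    se = SecureElement(CAA)
    results = [se.handle_key_change(make_key_change_emm(NEW, 2, 0, CAA[0])),
               se.handle_key_change(make_key_change_emm(OTHER, 2, 1, CAA[1]))]
    return results, se.caa[2]["caaid"]


if __name__ == "__main__":
    print(legitimate_rollover(), one_private_key_only(), mismatched_new_keys())
```

The second scenario is the property the scheme buys: the private key for a single CAA slot is not enough to change either of the other two.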

Dynamically Adding and Removing Entitlement agents in DHCTSE
627: FIG. 15

When a CAA authorizes a DHCT 333 to receive services from an entitlement agent, it
does so by sending a sequence of EMMs that create an entitlement agent descriptor EAD
1409 for the new entitlement agent. FIG. 15 shows a detailed view of an EAD 1409(i) as
created by the CAA EMMs. Header 1502 is common to all NVSCs 1211. Cell status
1501 indicates whether the NVSC 1211 is allocated. Cell type 1503 indicates what kind
of data it contains; with an EAD 1409, cell type 1503 indicates that the cell is a "fat"
NVSC. Cell name 1505 is the 8-bit name that the CAA gives the cell when it allocates it.
The names are per-EA. That is, the EA information 1333 for an EA may include up to
255 NVSCs. Next element 1507 is a pointer to the next element in the list to which the
NVSC belongs. Thus, in an unallocated NVSC, it is a pointer to the next NVSC in free
list 1407; in an EAD 1409, it is a pointer to the next element in EAD list 1406, and in a
skinny NVSC that is part of a list 1411, it is the next skinny NVSC in that list. Next
element 1507 is set in response to whatever EMM causes the list to be manipulated.
The remaining fields are particular to EADs 1409. The fields labeled 1506 in FIG. 15 are
all set by EMMs from the CAA. EAID 1509 is an identifier for the entitlement agent to
which EAD 1409 belongs; in the preferred embodiment, EAID 1509 is used to locate
EAD 1409 for a given entitlement agent. CAA flags 1511 are a set of flags that indicate
(1) the classes of service to which the entitlement agent can grant access and (2) whether
the public key for the entitlement agent is installed in EAD 1409. First skinny NVSC
1513 is a pointer to skinny NVSC list 1411 belonging to EA information 1333 to which
EAD 1409 belongs. EA maximums 1515 define the maximum amounts of services for
the EA to which EA information 1333 belongs. The last field 1506 set by the CAA is EA
public key 1527, which is the public key for the EA to which EA information 1333
belongs.

The fields in EA fields 1516 contain information that is associated with the customer to
whom DHCT 333 belongs. The fields are set by an EMM received from the EA after
EAD 1409 has been allocated and fields 1506 have been set. DHCT flags 1517 include
flags indicative of the services provided by the EA that this specific DHCT 333 is
presently entitled to receive. Stored credit limit field 1519 is used with instances of
impulse services, i.e., instances of services that need not be purchased in advance. Stored
credit limit field 1519 indicates the maximum amount of a service that an interactive
customer can use without authorization from the EA. As will be explained in detail
below, authorization is obtained by sending an FPM to the EA and receiving a confirming
EMM from the EA. X coordinate 1521 and Y coordinate 1523 define a location of
DHCT 333 in a coordinate system (to be explained more fully later) established by the
entitlement agent. The coordinate system may be geographic and may, for example, be
used to determine whether the DHCT 333 is in an area which is to be blacked out in a
broadcast. The coordinate system may also be used generally to define subsets of an
EA's customers. For instance, the X coordinate and Y coordinate could be used to define
customers who do not wish to receive movies that have ratings other than G or PG-13.
The PIN is a multi-character code that the customer for the DHCT uses to identify himself
or herself to the entitlement agent.

The EMMs that the CAA sends to set up EA information 1333 for an EA are the
following:

• Set EA Allocation Name Map

• Set EA Maximum Allocations

• Update Entitlement Agent Public Key

EMM header 1113 in all of these EMMs contains a CAAID for the CAA, and all of the
EMMs have a sealed digest that has been encrypted with the CAA's private key. The
CAA may use these EMMs not only to set up EA information 1333, but also to modify
already existing EA information 1333 for an EA and to remove EA information 1333 for
an EA. When the latter has been done, DHCTSE 627 will no longer respond to EMMs or
ECMs from the entitlement agent.

Set EA Allocation Name Map

The Set EA Allocation Name Map EMM contains an EAID, which uniquely identifies the
EA for which the EA information 1333 is being created or modified, and a name map.
The map has a bit for each name; when the CAA has allocated a NVSC for the EA, the bit
corresponding to the NVSC's name is set. CAA EMM code 1315 responds to this EMM
by allocating the NVSCs required for EA information 1333, mapping the names for the
EAID to the physical locations of NVSCs, making list 1411 and setting first NVSC flag
1513 to point to it, adding the new EA Descriptor 1409 to the head of EA list 1406 and
setting next element pointer 1507 accordingly, and filling out header fields 1502 and
EAID field 1509.

CAA EMM code 1315 stores the current name map for the EA in CAA data 1330 and
consequently can compare the name map in a newly-received Set EA Allocation Name
Map EMM with the current name map. If a name is specified in both name maps, the Set
EA Allocation Name Map command does not affect the NVSC 1211 with the name. If
the name map in the EMM specifies a name that was not in the current name map, an
NVSC 1211 corresponding to that name is added to list 1411. If the name map in the
EMM no longer specifies a name that was previously allocated to the entitlement agent,
the NVSC 1211 corresponding to that name is returned to free list 1407. After this is
done, the name map in the EMM becomes the current name map.

Typically, an entitlement agent and a conditional access authority will cooperate in 
determining how large list 1411 should be. For example, if an entitlement agent needs 
less space, it will send a message to that effect to the CAA, the message will contain the 
names of the NVSCs 1211 that the entitlement agent wishes to have removed, and the 
name map in the EMM sent by the CAA will specify only the names of the NVSCs 1211 
that the entitlement agent wishes to keep. It may, however, happen that the entitlement 
agent is not cooperative or that the conditional access authority must reduce the size of 
list 1411 for the entitlement agent before it receives a message from the entitlement agent.
In that case, the CAA may remove NVSCs 1211 from list 1411 by the value of the name,
beginning with the name with the highest numeric value, continuing with the next highest, 
and so on, until the required number of NVSCs 1211 have been removed. 

The CAA can also use the Set EA Allocation Name Map EMM to remove EA
information for an EA from DHCTSE 627. When the EMM is used in this fashion, none
of the bits in the name map are set. CAA EMM code 1315 responds by returning all of
the NVSCs in the EA information 1333 and EA Descriptor 1409(i) for the EA identified
by the EAID in the EMM to free list 1407 and re-linking EA list 1406 as required.
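
The name map handling described in this section, as an added sketch that is not code from the patent: it covers the comparison of old and new maps, the unilateral shrink that starts with the highest-numbered name, and the all-zero map that removes an EA. Name maps are modelled as integers with bit n standing for NVSC name n; that numbering, the 16-bit map width and all function names are assumptions of the example.

```python
"""Model of Set EA Allocation Name Map processing (added example)."""

MAP_BITS = 16  # assumed width of the name map; the text does not give one


def names_in(name_map: int) -> list:
    """Return the NVSC names whose bit is set, in ascending order."""
    return [n for n in range(MAP_BITS) if name_map >> n & 1]


def reconcile(current_map: int, new_map: int) -> dict:
    """Compare the stored name map with the one in a newly received EMM.

    Names present in both maps are left untouched, names only in the new
    map get an NVSC added to the EA's list, and names only in the old map
    have their NVSC returned to the free list. An all-zero new map
    therefore returns every NVSC and removes the EA.
    """
    if current_map < 0 or new_map < 0 or (current_map | new_map) >> MAP_BITS:
        raise ValueError("name map does not fit in MAP_BITS")
    return {
        "keep": names_in(current_map & new_map),
        "allocate": names_in(new_map & ~current_map),
        "free": names_in(current_map & ~new_map),
        "remove_ea": new_map == 0,
        "current_map": new_map,  # the EMM's map becomes the current map
    }


def shrink_unilaterally(current_map: int, count: int) -> int:
    """Build the name map a CAA would send to take back `count` NVSCs
    without the EA's cooperation: the highest-numbered names go first."""
    names = names_in(current_map)
    if not 0 <= count <= len(names):
        raise ValueError("EA does not hold that many NVSCs")
    new_map = current_map
    for name in sorted(names, reverse=True)[:count]:
        new_map &= ~(1 << name)
    return new_map


if __name__ == "__main__":
    # Constructed maps: the EA holds names 0, 2, 3, 5; the EMM grants 0, 3, 6.
    print(reconcile(0b101101, 0b1001001))
    print(bin(shrink_unilaterally(0b101101, 2)))
```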

Set EA Maximum Allocations

The Set EA Maximum Allocations EMM contains the EAID for the EA having the
entitlement information 1333 that is being created or modified and also contains values
for fields 1511 and 1515 of EAD 1409. CAA EMM code 1315 responds to this EMM by
reading down EA list 1406 until it finds EA descriptor 1409 with the EAID specified in
the EMM and then setting fields 1511 and 1515 of EAD 1409 using the values in the
EMM. When an entitlement agent sends an EMM that establishes
entitlement information of a certain type, for example, for an event, the code that
interprets the EMM checks the EA maximum allocations to determine whether the
maximum number of entitlements for that EA has been exceeded. In the preferred
embodiment, entitlements are represented by NVSCs. Consequently, what is limited is
the number of NVSCs of a given type in list 1411.

Update Entitlement Agent Public Key

The Update Entitlement Agent Public Key EMM contains the EAID for the EA having
the entitlement information that is being created or modified and the EA's public key.
CAA EMM code 1315 responds to this EMM by locating EA descriptor 1409 as
described above and setting field 1527 from the public key in the EMM. With the EA's
public key in place, DHCTSE 627 can then use the signed digests of the EMMs to verify
that they are from the EA. This verification is possible since the EA uses the private key
corresponding to the updated public key to perform the signing operation.

EA EMMs that Modify Entitlement Information 1333 

The EA EMMs that modify entitlement information have sealed digests that are encrypted
using the EA's private key. The EMMs fall into two groups: EMMs that modify EA
fields 1516 of EAD 1409 and EMMs that modify contents of the NVSCs making up list
1411. As set forth with regard to EAD 1409, each NVSC has a name, and each NVSC in
list 1411 has a type. An NVSC is named by the CAA, as described above, and its name
cannot be changed by the entitlement agent. The entitlement agent can, however, change
the type and contents of a NVSC, subject only to the maximums for the types established
in EAD 1409 for the EA. It is up to the entitlement agent to keep track of the types and
contents of the NVSCs in EA information 1333.

The EMM that modifies EA fields 1516 of EAD 1409 is the Update Entitlement Agent
Properties EMM. The second group of EMMs is further subdivided according to the
kinds of entitlements they provide. There are two broad families of entitlements:
broadcast entitlements for non-interactive services and interactive entitlements for
interactive sessions. Within the broadcast entitlements, there are further event
entitlements for events that the user pays for individually, as is the case with pay-per-view
events, interactive pay-per-view events, and near video-on-demand events. The non-event
broadcast EMMs include:

• Update MSK
• Update Digital Bit Map
• Update Digital List
• Update Analog MSK and Bit Map
• Update Analog MSK and List
• Update Analog Bit Map
• Update Analog List

The broadcast EMMs for events include:

• New Event Storage
• Add/Remove PPV Event
• Acknowledge IPPV/NVOD Event

The EMMs for interactive sessions include:

• New Interactive Session Storage
• Add Interactive Session
• Remove Interactive Session

As can be seen from the names of the EMMs, the EA can change the type of the named
NVSCs allocated by the CAA as needed for events and interactive sessions, subject only
to the maximums specified in EAD 1409.

There are separate CAA EMMs for allocating NVSCs, setting limits on types of NVSCs,
and assigning a public key to an entitlement agent. Also, the EA EMMs for writing
NVSCs 1211 do so by name and can change the NVSC 1211 type as well as its content.
Therefore, access control system 601 has a high degree of control and flexibility. A CAA
may dynamically constrain the total number of entitlements that an entitlement agent may
give, the types of entitlements, and the number of entitlements of each kind as required.
The CAA may also change the constraints, either in part or as a whole, and can do so
either in cooperation with the entitlement agent or unilaterally. Within the constraints
imposed by the CAA, however, the entitlement agent is free to dynamically manage its
own entitlements, changing not only entitlements of a given type, but even changing the
types themselves.

Update Entitlement Agent Properties

This EMM contains the values for EA fields 1516 of EAD 1409. EA administration
EMM code 1317 reads EMM header 1113 to get the EAID for the EA to which the EMM
is directed and simply sets fields 1516 in EAD 1409 for the EA from the EMM.

Non-Event Broadcast EMMs 

Of the non-event broadcast EMMs, four types will be discussed here. These are Update
MSK, Update Bit Map, Update List, and update combinations with MSK and list or
bitmap. Those skilled in the art will be able to easily apply the principles explained
below to EMMs that perform the functions indicated by the names of the other non-event
broadcast EMMs. For example, the principles of digital EMMs can be applied to analog
EMMs. There is a separate type of NVSC 1405 for each information type provided by
the above non-event broadcast EMMs. FIG. 16 shows the contents of four of these types
of NVSCs. Each NVSC type will be discussed together with the EMM that provides the
information it contains.

Update MSK

The Update MSK EMM is used to send a new MSK for a set of services provided by the
EA specified by the EMM. The new MSK and other information associated with the
MSK are stored in MSK NVSC 1601 in list 1411 for EA information 1333 belonging to
the EA specified by the EMM. Included in MSK NVSC 1601 is header 1502. Header
1502 specifies that NVSC 1601 is a MSK NVSC, gives the NVSC's name, and contains
next element pointer 1507 to the next element in list 1411. The other fields contain
information about the MSK. In the preferred embodiment, MSK 1608 has two 128-bit
parts: the even MSK 1609 and the odd MSK 1611. Each part has two halves, i.e., a first
half and second half, each of which has 56 key bits and 8 unused parity bits. The MSK
1608 is associated with a pair identifier 1603 for MSK 1608, an expiration date 1605 for
MSK 1608, and a flag 1607 indicating whether expiration date 1605 is to
be ignored. If the expiration date 1605 is not to be ignored, DHCTSE 627 will not use
MSK 1608 to decrypt a control word after the expiration date. The identifier 1603 is
per-EA, and consequently an EA may have one or more MSK NVSCs at any given
time to store a plurality of different MSKs. Thus, conditional access system 601 not only
permits separate security partitions for each EA, but also permits security partitions
within an EA.

The Update MSK EMM header contains the EAID needed to locate EA information 1333 
for the EA; the message contains the name of the NVSC that is to receive the MSK, a 
MSK pair selector which specifies a MSK pair ID for the MSK to be updated, a set of 
flags permitting the EA to selectively change MSK pair ID 1603, expiration date 1605, no 
expiration date 1607 and either half of MSK 1608, and the information needed to make
the changes. At a maximum, the EMM contains a value for MSK pair ID 1603, a value
for expiration date 1605, a value for no expiration date 1607, and values for even MSK
1609 and odd MSK 1611. EA MSK code 1319 processes the Update MSK EMM by
locating EA Information 1333 for the EA identified by the EMM header's EAID, using
the cell name to locate the proper NVSC, giving that NVSC the MSK type, and then
writing to the MSK NVSC 1601 as required by the flags and the information in the EMM.
This procedure is the same for both analog and digital Update MSK EMMs. The
differences are in the EMM command code in EMM Header 1123 and NVSC type 1503.

Entitlement Identifiers 

As will be explained in more detail below, an ECM specifies the service instance that it
accompanies by means of (1) the EAID for the entitlement agent that is the source of the
ECM and (2) a 32-bit entitlement ID for the instance. Entitlement IDs are per-EA. By
making the entitlement IDs 32 bits long, each EA will have enough entitlement IDs even
for transient services such as pay-per-view events and interactive services. In the
preferred embodiment, when DHCTSE 627 interprets an ECM, it checks whether DHCT
333 is entitled to decrypt the instance by looking in EA information 1333 for the EA
specified in the ECM for an entitlement ID that corresponds to the entitlement ID
specified in the ECM. The entitlement IDs in the EMM and in EA information 1333 can
be represented in at least two ways. One way is by simply listing entitlement IDs. The
drawback with this technique is that the 32-bit entitlement IDs are large, and NVSCs are a
scarce resource. The other way is by means of a starting entitlement ID and a bit
map. Any entitlement ID having a value within 255 of the entitlement ID value specified
by the starting entitlement ID value can be specified by setting a bit in the bit map. This
technique is set forth in the Banker and Akins patent application supra. See particularly
FIG. 2 of the Banker and Akins patent application and the discussion of that figure. The
following discussion of specifying entitlement IDs by means of a starting ID and a bit
map is an expansion of the discussion in that patent application.

Update Bit Map EMM 

This EMM updates a bit map that specifies one or more entitlement IDs. The bit map is
stored in an entitlement bit map NVSC 1613. NVSC 1613 has a header 1502 with the
cell number and type of the NVSC; a first entitlement ID 1615, which is the first
entitlement ID which may be specified by the bit map; an expiration date 1617, which
specifies when the entitlement IDs specified by first entitlement ID 1615 and the bit map
expire; a no expiration date flag 1619, which indicates whether there is in fact an
expiration date; and bit map 1621. The update bitmap EMM contains the cell name for
the NVSC 1613 to be set, a set of flags which indicate the information in NVSC 1613 that
is to be set by the EMM, and the values for the information. The EMM may set any or all
of first entitlement ID 1615, expiration date 1617, no expiration date 1619, and bit map
1621. EA administrative EMM code 1317 responds to the EMM by setting the fields of
the specified NVSC 1613 as indicated in the EMM. This procedure is the same for both
Update Digital Bit Map and Update Analog Bit Map EMMs. The differences are in the
EMM command code in EMM Header 1123 and NVSC type 1503.

Update List EMM

The Update List EMM updates a list of entitlement IDs that is contained in an entitlement
list NVSC 1623. NVSC 1623 has a header 1502 with the cell name and type for the
NVSC and contains up to six entitlement ID elements 1625. Each of the elements
contains an entitlement ID 1627, an expiration date 1629 for the entitlement ID, and a flag
1631 indicating whether the entitlement ID has an expiration date. The Update List EMM
contains the cell name for the NVSC, a value for the flag, an expiration date, and values
for up to six entitlement ID elements 1625. This procedure is the same for both Update
Digital List and Update Analog List EMMs. The differences are in the EMM command
code in EMM Header 1123 and NVSC type 1503.
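
How an ECM's 32-bit entitlement ID could be checked against the bit map NVSC and list NVSC layouts described in the Entitlement Identifiers, Update Bit Map EMM and Update List EMM sections, as an added example rather than the patent's own code; it also counts cells to show why the bit map saves scarce NVSCs. The class and function names, the bit ordering (bit n stands for first ID + n), integer timestamps and the rule that an entitlement is unusable once the current time is past its expiration date are assumptions.

```python
"""Entitlement lookup over bit-map and list NVSCs (added example)."""
from dataclasses import dataclass, field

BITMAP_BITS = 256   # IDs within 255 of the first ID can be expressed
LIST_CAPACITY = 6   # a list NVSC holds up to six entitlement ID elements


@dataclass
class BitMapNVSC:
    first_id: int                # first entitlement ID 1615
    bitmap: int                  # bit map 1621, modelled as a 256-bit integer
    expiration: int = 0          # expiration date 1617
    no_expiration: bool = False  # no expiration date flag 1619

    def grants(self, ent_id: int, now: int) -> bool:
        offset = ent_id - self.first_id
        if not 0 <= offset < BITMAP_BITS:
            return False         # outside the window: never index the map
        if not self.no_expiration and now > self.expiration:
            return False         # assumed expiry rule, see lead-in
        return bool(self.bitmap >> offset & 1)


@dataclass
class ListElement:
    ent_id: int                  # entitlement ID 1627
    expiration: int = 0          # expiration date 1629
    has_expiration: bool = True  # flag 1631


@dataclass
class ListNVSC:
    elements: list = field(default_factory=list)

    def add(self, element: ListElement) -> None:
        if len(self.elements) >= LIST_CAPACITY:
            raise ValueError("list NVSC is full")
        self.elements.append(element)

    def grants(self, ent_id: int, now: int) -> bool:
        return any(e.ent_id == ent_id and
                   (not e.has_expiration or now <= e.expiration)
                   for e in self.elements)


def is_entitled(ea_info: dict, eaid: int, ent_id: int, now: int) -> bool:
    """ea_info maps EAID -> list of NVSCs. Entitlement IDs are per-EA, so
    only the NVSCs of the EA named in the ECM are searched."""
    if not 0 <= ent_id < 2 ** 32:
        raise ValueError("entitlement ID must fit in 32 bits")
    return any(cell.grants(ent_id, now) for cell in ea_info.get(eaid, []))


def cells_needed(ids: list) -> dict:
    """Storage cost of the two representations for the same set of IDs."""
    by_list = -(-len(ids) // LIST_CAPACITY)      # ceiling division
    by_map, window_start = 0, None
    for i in sorted(ids):
        if window_start is None or i - window_start >= BITMAP_BITS:
            window_start, by_map = i, by_map + 1  # open a new bit-map cell
    return {"list": by_list, "bitmap": by_map}
```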

Broadcast Events 

A broadcast event is a one-time service, such as a pay-per-view broadcast of a boxing
match. In the preferred embodiment, there are two kinds of broadcast events: ordinary
pay-per-view broadcast events, in which the customer has ordered in advance to see the
event, and impulse events where the customer decides at the time the event is broadcast
that he wants to order it. There are different kinds of impulse events, such as: impulse
pay-per-view (IPPV) events, which are pay-per-view events where the customer can
decide at the time of the event to purchase it, and near video-on-demand (NVOD), where
popular movies are rebroadcast at short intervals and the customer can decide when the
rebroadcast occurs whether he or she wants to view it. Those skilled in the art will realize
that the concept of an "event" can refer to any service over a specific time period (whether
broadcast or non-broadcast), such as video on demand events or other types of events not
listed here.

In the case of pay-per-view events, the customer orders the event from the entitlement
agent, and the agent responds by sending an EMM that contains the necessary entitlement
information. In the case of events where the customer decides at broadcast time that he or
she wants to purchase the event, purchase information, i.e., information about the
entitlements that can be purchased, must be distributed with the event. In these cases, the
purchase information is distributed by means of global broadcast authenticated messages,
or GBAMs. The customer provides input 628 that specifies a purchase. The DHCT 333
responds to the input 628 by storing the record of purchase in the DHCTSE 627 and then
beginning to decrypt the event. Later, the DHCT 333 sends the entitlement agent a
forwarded purchase message (FPM) indicating what has been purchased by the customer,
and the entitlement authority responds with an EMM that confirms the purchase and
contains the necessary entitlement information. The record of the purchase remains until
an EMM confirming the purchase is received by the DHCTSE 627.

Event NVSCs: FIG. 17

FIG. 17 shows event NVSC 1701 used to store entitlement information for events.
Header field 1502 is similar to that for other NVSCs 1701. Each event NVSC 1701 may
contain up to three event descriptors 1703, each of which describes a single event. Each
event descriptor 1703 contains a Flags Field 1705 that includes flags to indicate (1)
whether the event is active, (2) whether its end time has been extended, (3) whether the
entitlement agent has confirmed purchase of the event, (4) whether the customer can
cancel at any time, (5) whether the customer can cancel in a cancellation window, (6)
whether the customer has canceled the purchase, (7) whether the right to copy the event
has been purchased, and (8) whether the event is an analog or digital service. Purchase
time 1709 is the later of the start time for the event or the time the customer purchased the
event. End time 1709 is the time the event is to end. Cost 1711 is the cost of the event to
the customer, and entitlement ID 1713 is the entitlement ID for the event.

New Event Storage EMM

When the CAA sets up entitlement agent descriptor 1409 for an entitlement agent, it
includes a value in EA Maximums 1515 that limits the number of event NVSCs 1701 the
entitlement agent may have. Within that number, however, the entitlement agent is free
to allocate event NVSCs 1701 from the total number of NVSCs 1405 belonging to the
entitlement agent and to reuse existing event NVSCs 1701. To allocate an event NVSC,
the EA uses the new event storage EMM, which simply contains the cell name for the
NVSC which is to be allocated. Once the event NVSC 1701 has been allocated, its fields
are set as follows:

• In the case of an ordinary PPV event, fields are set by an add/delete event EMM;
• In the case of an IPPV or NVOD event, fields are set in part from the GBAM for
the event and in part from customer input 628.

The contents of an event NVSC 1701 are deleted by an add/delete event EMM or by
receiving an ECM containing a time greater than the end time in the event NVSC
1701, if the event record had been previously acknowledged by receiving an
Acknowledge Event EMM.

The Add/delete Event EMM

The add/delete event EMM contains a flag which indicates whether the EMM is setting or
deleting an event. In the latter case, the contents of the EMM must match the current
contents of the NVSC 1701 that is to be deleted. In the former case, the values of the
EMM include flags indicating whether time extensions are allowed and whether the right
to copy has been purchased. Further included are values for the event's start time and end
time and the entitlement ID for the event. When the add/delete flag indicates "delete",
EA administrative code deletes the contents of the NVSC 1701. When it indicates "add",
the code sets the corresponding fields of the NVSC 1701 to the values specified in the
EMM. The flag that indicates whether the EA has acknowledged the purchase is set to so
indicate.

The Global Broadcast Authenticated Message: FIGs. 18-20

The Global Broadcast Authenticated Message (GBAM) is, like the EMMs, ECMs, and
FPMs, a CA message. A GBAM is broadcast by an entitlement agent to DHCTs 333.
FIG. 18 shows a CA message 805 including a GBAM 1801. Message 805 includes a CA
message header 1003 and a CA GBAM message 1803, which in turn is made up of a
GBAM header 1807 and global broadcast data 1809. Global broadcast data 1809 is not
encrypted, but GBAM 1801 is authenticated in the same fashion as an ECM: header
1807, global broadcast data 1809, and MSK 1015 belonging to the EA which sent the
GBAM are hashed by a one-way hash function to make MAC 1805. As
with the ECM, the MSK 1015 is a shared secret between the EA which sent the GBAM
and DHCTs 333 that have EA information 1333 for the EA.

FIG. 19 shows GBAM header 1807 in detail as well as the form that global broadcast data
1809 takes when GBAM 1801 is used to provide entitlement information for IPPV or
NVOD. GBAM header 1807 has a conditional access system ID 1901 that identifies CA
system 601 in which GBAM 1801 is being used, a field indicating that the message is
a GBAM, and the identifier 1965 of the agent sending the GBAM. Fields
1907 and 1909 specify the key that was used to make MAC 1805: Field 1907 specifies
the parity of the MSK half used to make the digest, and MSK select 1911 is an identifier
for the MSK itself.
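
A model of the GBAM check described above, added here and not taken from the patent: the receiver picks the MSK named by the header's MSK select and parity fields, hashes header, data and key together, and compares the result with the MAC carried in the message. SHA-256 stands in for the unnamed one-way hash, and the header layout, key values and all names are assumptions of the example.

```python
"""GBAM authentication with a shared MSK (added example, not patent code)."""
import hashlib
import hmac
import struct
from typing import Optional

EVEN, ODD = 0, 1
HEADER_FMT = ">HHBB"  # assumed layout: CA system ID, EAID, parity, MSK select


def pack_header(ca_system_id: int, eaid: int, parity: int, msk_select: int) -> bytes:
    return struct.pack(HEADER_FMT, ca_system_id, eaid, parity, msk_select)


def make_mac(header: bytes, data: bytes, msk: bytes) -> bytes:
    """Hash header, global broadcast data and the shared MSK together.

    SHA-256 is a stand-in for the unnamed one-way hash. A design written
    today would use HMAC rather than hash(message || key).
    """
    return hashlib.sha256(header + data + msk).digest()


class GbamVerifier:
    """Holds the MSKs a secure element has been given by its EAs."""

    def __init__(self) -> None:
        self._msks = {}  # (eaid, msk_select, parity) -> key bytes

    def store_msk(self, eaid: int, msk_select: int, even: bytes, odd: bytes) -> None:
        self._msks[(eaid, msk_select, EVEN)] = even
        self._msks[(eaid, msk_select, ODD)] = odd

    def authenticate(self, header: bytes, data: bytes, mac: bytes) -> Optional[bytes]:
        """Return the broadcast data if the MAC verifies, otherwise None."""
        try:
            _, eaid, parity, msk_select = struct.unpack(HEADER_FMT, header)
        except struct.error:
            return None                      # malformed header
        msk = self._msks.get((eaid, msk_select, parity))
        if msk is None:
            return None                      # no MSK from this EA: fail closed
        expected = make_mac(header, data, msk)
        # Constant-time comparison avoids leaking how many MAC bytes matched.
        return data if hmac.compare_digest(expected, mac) else None


def demo() -> dict:
    """Constructed keys and message; returns the outcome of each check."""
    even, odd = bytes(range(16)), bytes(range(16, 32))
    entitled = GbamVerifier()
    entitled.store_msk(eaid=7, msk_select=1, even=even, odd=odd)
    stranger = GbamVerifier()                # never received EA 7's MSK

    header = pack_header(0x0601, 7, ODD, 1)
    data = b"system-time:1000"               # cleartext, authenticated only
    mac = make_mac(header, data, odd)
    return {
        "genuine": entitled.authenticate(header, data, mac),
        "tampered_data": entitled.authenticate(header, b"system-time:9999", mac),
        "wrong_parity": entitled.authenticate(
            pack_header(0x0601, 7, EVEN, 1), data, mac),
        "no_msk": stranger.authenticate(header, data, mac),
    }


if __name__ == "__main__":
    print(demo())
```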

Purchasable entitlement data 1913 refers to the form of global broadcast data 1809 that is
used to provide entitlement information for IPPV or NVOD. Of the fields that are
relevant for the present discussion, Entitlement ID 1915 is the entitlement ID for the event
associated with the GBAM, and Flags 1917 include flags indicating what kind of
cancellation is allowed and whether the time for the event may be extended. Number of
modes 1919 indicates how many different modes there are for purchasing the event. The
rights which the purchaser receives to the event and the price the purchaser must pay will
vary with the mode. In the preferred embodiment, an event may have up to five purchase
modes. If more purchase modes are required, additional GBAMs may be sent. The rights
and prices for each mode are indicated by arrays. Each array has as many valid elements
as there are modes. The value of an element corresponding to a mode indicates the right
or price for that mode. Thus, mode right to copy field 1921 is a bit array; if a bit for a
mode is set, the purchaser of the mode has the right to copy the event. Similarly, mode
length field 1927 contains a value for each mode which indicates the length of time for
the event in that mode. Mode cost field 1929 contains a value for each mode which
indicates the cost for the event in that mode. Earliest start field 1923 gives the earliest
time at which entitlement for the event can start, and latest end field 1925 gives the latest
time at which entitlement must end.

When DHCT 333 receives GBAM 1801, it passes GBAM 1801 to DHCTSE 627 for
authentication of global broadcast data 1809. Authentication will fail unless DHCTSE
627 has the required MSK. If (1) DHCTSE 627 has the required MSK and (2) global
broadcast data 1809 is data 1913, DHCT 333 permits the customer to purchase the event.
In so doing, the customer identifies himself or herself to DHCT 333 by means of a PIN,
and that PIN must match PIN 1525 in EAD 1409 for the entitlement agent that sent the
GBAM. In making his or her purchase, the customer also specifies the relevant modes.
Given the mode information and the cost information in the GBAM, DHCT 333 can
determine whether ordering the event will cause the customer to exceed the
amount (of time, money, etc.) specified in stored credit limit 1519 in EAD 1409. If the
customer has not exceeded the limit, the information from the GBAM and from the
purchaser's inputs are used to make an event descriptor 1703 for the event. DHCT 333
passes the information to DHCTSE 627, which sets the fields in event descriptor 1703
according to the values provided it by DHCT 333. The flag that indicates whether the
purchase information has been acknowledged is cleared, and the cost of the event is added
to the current credit balance.

The Forwarded Purchase Message: FIG. 21 

The forwarded purchase message (FPM) in a preferred embodiment serves two purposes: 

• it informs the entitlement agent that the customer has purchased an IPPV or 
NVOD event; and 

• it informs the entitlement agent that the customer has canceled the purchase of any 
event. 

In other embodiments, messages like the FPM can be used to transfer any kind of 
information from DHCT 333 to a CAA or an EA. For example, such a message can be 
used to transfer monthly order information from DHCT 333 to an EA. 

DHCT 333 sends a forwarded purchase message with the purchase information via the
reverse channel to the entitlement agent that sent the GBAM. The FPM is contained in a
reverse channel data packet that is addressed to the EA. FIG. 21 provides an overview of
the FPM and of the cryptographic measures used to protect its contents. FPM 2101 is a
CA message 805 and consequently is sent with a CA message header 1003. FPM 2101
itself is made up of FPM encrypted envelope key 2103, which contains the EAID for the
entitlement agent and FPM key 2119 for decrypting the purchasing information contained
in FPM encrypted events 2113. The key and other contents of envelope key 2103 are
encrypted for privacy using the public key of the entitlement agent for which FPM 2101
is intended. CA FPM message 2105 includes CA FPM header 21 1, which includes the
EAID for the intended EA, and FPM encrypted events 2113. The latter are encrypted
using the 3-DES algorithm with the key in envelope key 2103. CA FPM message 2105's
parts are a header 213, FPM clear events 2133, which contains the purchase information,
and padding 2135. The last part of FPM 2101 is FPM signed authentication 2107, which
is encrypted with the private key of DHCT 333 from which FPM message 2101 is sent.
The encrypted material includes FPM signing header 2125, FPM MAC 2127, and
padding 2129. FPM MAC 2127 is made using the MD5 one-way hash algorithm from
FPM clear events 2133. Only the EA for which the FPM is intended can decrypt
envelope key 2103 to obtain key 2119 to decrypt FPM encrypted events 2123, and the EA
can check the authenticity of FPM clear events 2133 only if it has the public key for
DHCT 333 from which FPM 2101 was sent.

The part of FPM 2101 which is of further interest here is FPM clear events 2133. The
information in that part of the FPM includes the serial number of DHCTSE 627 in DHCT
333 from which the message came, the EAID of the destination EA, and an indication of
the number of events for which the FPM contains purchase information. The information
for each event is contained in forwarded event data for that event. The forwarded event
data is taken from GBAM 1801 and event descriptor 1703 for the event. Fields of interest
in the present context include flags indicating (1) whether the event has been extended,
(2) whether the user has canceled the event, and (3) whether the customer has purchased
the right to copy. Other information includes the time the event started or was purchased,
whichever is later, the time the event is to end, its cost to the customer, and the
entitlement ID for the event. To cancel any event, including an ordinary pay-per-view
event, DHCT 333 sends an FPM with the same message, but with the event canceled flag
set to indicate cancellation. The conditions under which DHCT 333 sends an FPM
cancellation message will be explained in more detail below. FPMs may also be used to
purchase other service types, such as monthly subscriptions or data downloads, for
example.

The Acknowledge IPPV/NVOD Event EMM

When the entitlement agent receives the FPM, it enters the information contained in the
FPM in its customer information database and returns an acknowledge IPPV/NVOD
event EMM to DHCT 333. EMM command data 1125 in this EMM contains an exact
copy of the forwarded event data in the FPM that the EMM is acknowledging. When
DHCTSE 627 receives this EMM, it decrypts and authenticates it and then, for each item
of copied forwarded event data, it uses the entitlement ID to locate event NVSC 1701 for
the event. Having located the event NVSC 1701, it compares the copied forwarded event
data with the corresponding fields of event NVSC 1701. If they are the same, DHCTSE
627 sets the flag in Flags Field 1705 that indicates that the purchase has been confirmed
and adjusts the stored credit balance. If the EMM has its "canceled" flag set, the "in use"
flag in event NVSC 1701 is set to indicate that event NVSC 1701 is not in use and is
therefore available for reuse by the entitlement agent.
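
The impulse purchase cycle described across the preceding sections (GBAM offer, PIN and stored credit limit check, FPM, acknowledging EMM), as an added model that is not the patent's code and leaves out the encryption and signing of the messages. All names are hypothetical, and it assumes that the "adjustment" on acknowledgement subtracts the confirmed cost from the balance held against the stored credit limit.

```python
"""IPPV purchase and acknowledgement bookkeeping (added example)."""
import hmac
from dataclasses import dataclass, asdict


@dataclass
class Offer:                  # purchasable entitlement data from a GBAM
    entitlement_id: int
    mode_cost: tuple          # one cost per purchase mode (up to five)
    mode_length: tuple        # length of entitlement per mode
    mode_copy: tuple          # right to copy per mode


@dataclass
class EventDescriptor:
    entitlement_id: int
    purchase_time: int
    end_time: int
    cost: int
    right_to_copy: bool
    canceled: bool = False
    confirmed: bool = False   # set only by a matching acknowledge EMM
    in_use: bool = True

    def forwarded_event_data(self) -> dict:
        """Fields copied into the FPM and echoed by the acknowledge EMM."""
        d = asdict(self)
        del d["confirmed"], d["in_use"]
        return d


class PurchaseStore:
    def __init__(self, pin: str, credit_limit: int) -> None:
        self._pin, self.credit_limit = pin, credit_limit
        self.credit_balance = 0
        self.events = {}      # entitlement ID -> EventDescriptor

    def purchase(self, offer: Offer, mode: int, pin: str, now: int) -> dict:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("PIN mismatch")
        if not 0 <= mode < len(offer.mode_cost):
            raise ValueError("no such purchase mode")
        cost = offer.mode_cost[mode]
        if self.credit_balance + cost > self.credit_limit:
            raise PermissionError("stored credit limit exceeded")
        ev = EventDescriptor(offer.entitlement_id, now,
                             now + offer.mode_length[mode], cost,
                             offer.mode_copy[mode])
        self.events[ev.entitlement_id] = ev
        self.credit_balance += cost        # unconfirmed spend
        return ev.forwarded_event_data()   # payload for the FPM

    def cancel(self, entitlement_id: int) -> dict:
        ev = self.events[entitlement_id]
        ev.canceled = True
        return ev.forwarded_event_data()   # FPM with the canceled flag set

    def acknowledge(self, echoed: dict) -> bool:
        ev = self.events.get(echoed.get("entitlement_id"))
        if ev is None or echoed != ev.forwarded_event_data():
            return False      # not an exact copy: record stays unconfirmed
        if not ev.confirmed:  # a repeated EMM must not adjust twice
            ev.confirmed = True
            self.credit_balance -= ev.cost  # assumed meaning of "adjusts"
        if echoed["canceled"]:
            ev.in_use = False  # descriptor may be reused by the EA
        return True
```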

Other uses of GBAM 1801 

GBAM 1801 can be used generally to broadcast authenticated messages via a MPEG-2
transport stream, or other transport mechanisms, to DHCTs 333. CA system 601 itself
uses GBAM 1801 in two other ways: to periodically broadcast a time value to DHCTs
333 and to extend the time for events. In the former case, GBAM 1801 simply carries the
time value, which is a secure time, due to the GBAM's authentication. The code in
DHCT 333 which carries out a task for the entitlement agent that sent the system time
GBAM can use the time value to coordinate its activities with activities by the EA. Note
that this arrangement permits the use of per-entitlement agent time schemes. It also
permits establishing a uniform system time throughout a digital broadband delivery
system by setting up one entitlement agent in each DHCT 333 of the digital broadband
delivery system as the "system time entitlement agent" and addressing the system time
GBAM to the system time entitlement agent.

GBAMs 1801 that extend the time for an event carry the entitlement ID for the event and
the number of minutes the time for the event is to be extended. When GBAM 1801 is
received and provided to DHCTSE 627, the secure element adds the number of minutes to 
end time 1709. 



FIG. 20 shows a server application 2001 executing on a processor having access to
entitlement agent 2005 and to the MPEG-2 transport stream being received by a group of
DHCTs 333. The server application 2001 can use GBAM 1801 to send authenticated
messages to the DHCTs 333. Server application 2001 sends a message to Entitlement
agent 2005, which uses its transaction encryption device 603 to make a GBAM 1801
including the payload. Entitlement agent 2005 then returns the GBAM to server
application 2001, which sends application data ...
2007, to client application 2009 in the DHCTs 333. Each client application sends GBAM
1801 to DHCTSE 627, which authenticates it. If the authentication succeeds, DHCTSE
627 sends an acknowledgment to client application 2009. It should be noted here that it is
the entitlement agent and not server application 2001 which authenticates the payload.

NVSCs and EMMs for Interactive Sessions 

DBDS 501 can also be used for interactive sessions. Examples of such uses are browsing
the Internet or playing video games. In such applications, data being sent to the customer
will generally go via the MPEG-2 transport stream, while data being sent from the
customer will go via the reverse channel. Such an arrangement is advantageous for the
many interactive applications in which the customer receives a large amount of data, for
example, the data that represents an image, makes a short response, and then receives
another large amount of data.

Each interactive session that is currently taking place with a user of DHCT 333 has an
interactive session NVSC 1211 in list 1411 belonging to the entitlement agent that grants
access to the interactive session. The interactive session NVSC contains a session key for
the interactive session and an entitlement ID for the interactive session. DHCTSE 627
allocates the interactive session NVSC in response to a new interactive session storage
EMM from the entitlement agent. The new interactive session storage EMM simply
contains the cell name of the NVSC to be used for the interactive session.

Once the EA has established the NVSC, it sends an "add interactive session" EMM that is
directed to the name of the newly-allocated NVSC and contains the entitlement ID and
the key for the interactive session. The secure element places the entitlement ID and key
in the NVSC. When the EA determines that the interactive session is over, it sends a
"remove interactive session" EMM with the entitlement ID for the interactive session and
the secure element deletes the contents of the NVSC. It is of course possible that the
entitlement agent sends a new interactive storage EMM at a time when all of the
interactive session NVSCs allotted by the CAA to the EA are already in use. DHCTSE
627 in a preferred embodiment deals with this situation by keeping track of the last time
each interactive session sent or received data. When a new interactive session is needed
and none is available, DHCTSE 627 shuts down the interactive session that least recently
sent or received data and uses that interactive session's interactive session NVSC for the
new interactive session. Another solution is to request the user to select an interactive
session to be terminated.

Details of the ECM: FIG. 22 

The information in an ECM that is used to determine whether the instance of a service
that the ECM accompanies is to be decrypted in a given DHCT 333 is contained in ECM
entitlement unit message 1011. FIG. 22 gives details of the contents of ECM entitlement
unit message 1011 for a preferred embodiment of the present invention. Beginning with
message ID 2205, the two fields 2201 and 2203 identify this message as an ECM
entitlement unit message. EAID 2207 is the identifier for the entitlement agent which
grants entitlements to access to the instance of the service that the ECM accompanies.

Decryption information 2209 is information used to produce the control word 2235.
Control word counter value 2235 is encrypted using the 3DES algorithm in a preferred
embodiment. This algorithm employs two keys, and in a preferred embodiment, each key
is 1/2 of the MSK. Also, there are two versions of the MSK: even and odd. MSK parity
2211 specifies which version is to be used in the 3DES algorithm. MSK ID 2213
specifies which MSK belonging to the entitlement agent is to be used, or if the ECM
accompanies data for an interactive session, it specifies that the key is to be found in the
NVSC for the interactive session. Control word parity 2215 specifies the parity of the
unencrypted control word 2235. Parity count 2217 is a 0-1 counter that has the value 0
when the parity of the control word is even and 1 when it is odd.

Free preview 2219 is a flag that indicates that the ECM is accompanying a portion of the
service instance that is a free preview. That is, as long as a customer has the MSK for
decrypting the service instance, the customer needs no further entitlements to view the
free preview portion of the service. The main use of free preview is with IPPV or
NVOD services. Copy protection level 2221 is a value which indicates to what extent the
instance may be copied. Blackout/spotlight 2223 is a value which indicates how
blackout/spotlight information 2236 is to be used: not at all, for a blackout, or for a
spotlight (i.e., the service is targeted to the specific area).

Number of entitlement IDs 2225 specifies the number of entitlement IDs 2245 that are
contained in this ECM. The maximum number in a preferred embodiment is six in a
single ECM. Multiple ECMs may be sent for each service. Allow IPPV 2229 is a flag
which indicates whether the service instance may be viewed on an IPPV or NVOD basis.
Cancel window 2231 is a bit that is set in a service instance that may be viewed as an
event to indicate the end of the period during which the customer may cancel the event.
Time stamp 2233 is a time stamp indicating the time at which the ECM was created.
Encrypted control word 2235 is the control word contained in the ECM. It is encrypted
using the 3DES algorithm and the MSK for the service instance.

Blackout/spotlight information 2236 defines a geographic area which is to be blacked out
or spotlighted by an instance of a service. It does so by means of x centroid 2239 and y
centroid 2241, the two of which define a point in a geographical coordinate system
defined by the entitlement agent, and blackout radius 2237, which is used to determine a
square that is centered on the point defined by fields 2239 and 2241 and that has sides that
are twice the value of blackout radius 2237. Entitlement ID list 2243 contains from one
to six entitlement IDs for the instance of the service that the ECM accompanies.

Details of Blackout/spotlight Info 2236: FIGs. 26 and 27

The coordinate system used in a preferred embodiment is shown in FIG. 26. Coordinate
system 2601 is a 256 unit by 256 unit square, with the origin at the lower left-hand corner.
In the coordinate system, it is the lines, rather than the spaces between them, that are
numbered. The entitlement agent to which coordinate system 2601 belongs assigns each
DHCT 333 in the area covered by the coordinate system the coordinates of an intersection
of a line that is perpendicular to the [...] with a line [...]
Thus, a DHCT 333(k) may be assigned the point (i,j) 2603 in coordinate system 2601.

FIG. 27 shows how areas are defined in coordinate system 2601. Area 2705 has its
centroid 2701 at the point whose coordinates are (57,90). The radius 2703 of the area is
three, so this number is added to and subtracted from each of the coordinates of the
centroid to produce a square 2705 whose lower left-hand corner is at (54,87) and whose
upper right-hand corner is at (60,93). In the preferred embodiment, points on the left and
bottom lines are in the area; points on the top and right lines are not.

Determining whether to Decrypt the Service Instance that Accompanies an ECM

Conceptually, what happens when DHCT 333 receives an ECM accompanying an
instance of a service is that DHCT 333 provides the ECM to DHCTSE 627, which
examines the NVSCs in EA storage 1331 to find whether the customer to whom DHCT
333 belongs is entitled to receive the instance of the service. If the customer is so
entitled, DHCTSE 627 decrypts the control word in the ECM and provides it to service
decryptor 625, which uses it to decrypt the MPEG-2 packets containing the audio and
video for the service. However, the number of different kinds of services, the number of
different ways in which a service can be purchased, and the number of ways in which
access can be restricted all work together to make the manner in which DHCTSE 627
processes an ECM rather complex.

The simplest case is for a broadcast service such as a standard CATV channel. Here, the
customer who owns DHCT 333 has paid his or her monthly bill for the service and the
entitlement authority has sent two EMMs to DHCT 333: a MSK EMM with the month's
MSK for the service and an EMM that specifies the entitlement ID for the service. As
previously pointed out, the latter EMM may either contain a list of entitlement IDs or a
first entitlement ID and a bit map. All of these EMMs may also contain expiration dates:
in the case of the MSK EMM, there is an expiration date of the MSK; in the case of the
entitlement ID list EMM, there is an expiration date for each entitlement ID on the list; in
the case of the entitlement bit map EMM, there is an expiration date for the entire bit
map.

At a minimum, EA information 1333 for the entitlement agent that provides entitlements
for the service instance that the ECM is accompanying contains EA descriptor 1409, a
MSK NVSC 1601, and either an entitlement bit map NVSC 1613 or an entitlement list
NVSC 1623 for the service to which the instance belongs. EA information 1333 may also
contain NVSCs with entitlement information for many other services or instances.
The ECM for the service instance will contain, at a minimum, entitlement agent ID 2207,
decryption information 2209, time stamp 2233, encrypted control word 2235, and a single
entitlement ID 2245 for the instance of the service.

When DHCT 333 receives the ECM, it delivers the ECM to DHCTSE 627, which reads 
down EA list 1406 until it finds an EA descriptor 1409 having a value in EAID 1509 that
is the same as the value EAID 2207 in the ECM. DHCTSE 627 then follows first NVSC 
pointer 1513 to list 1411 and looks for a MSK NVSC 1601 that has an MSK ID field 
1603 containing the same value as MSK ID field 2213 in the ECM. Having found such 
an MSK NVSC, it determines from no_exp_dat flag 1607 whether expiration date field 
1605 contains a valid time value, and if so, it compares that value with the value in the 
ECM's time stamp field 2233. If the value in time stamp field 2233 is more recent in 
time, DHCTSE 627 will not use MSK 1608 from MSK NVSC 1601 to decrypt control 
word 2235. The secure element continues searching for an MSK NVSC with the proper 
MSK ID and an unexpired MSK, and if it finds such a MSK NVSC, it uses that MSK 
NVSC; if it finds no such MSK NVSC, it does not decrypt the control word. 

DHCTSE 627 similarly searches list 1411 for an entitlement bit map NVSC 1613 or an
entitlement list NVSC 1623 which contains an entitlement ID which is the same as one of
the entitlement IDs 2245 in the ECM. If (1) DHCTSE 627 finds an NVSC with such an
entitlement ID and (2) there is no valid expiration time in the NVSC that specifies the
entitlement ID that is earlier than time stamp 2233 in the ECM and (3) DHCTSE 627 has
also found a valid MSK NVSC 1601 as described above, DHCTSE 627 decrypts control
word 2235 using the MSK and decryption information 2209 in the ECM. Decryption is
done using the 3DES algorithm that was used to encrypt the control word. In a preferred
embodiment, the control word contained in the ECM is a counter value as described
above, and DHCTSE 627 produces the control word that actually is used to decrypt the
service instance by re-encrypting the integer using the MSK and the 3DES algorithm.
That control word usable by the service decryptor is then returned to service decryption
module 625, which uses it to decrypt the service instance.
As is apparent from the foregoing description, when DHCTSE 627 searches an
entitlement agent's entitlement agent information 1333 for a given entitlement for a
service, it continues searching until it has either found an NVSC that contains the
entitlement or it has reached the end of list 1411. What this means in logical terms is that
the entitlements that a given entitlement agent can grant are the logical OR of the
entitlements specified in entitlement agent information 1333. For example, if one
entitlement bit map NVSC that contains the same entitlement ID as the ECM has expired
but another has not, DHCTSE 627 disregards the expired NVSC, and based on the active
NVSC, produces control word 2235.

It should further be pointed out here that time stamp 2233 in the ECM and the expiration
information in the NVSCs prevent reuse of a previous month's MSK to decrypt an
instance in the current month and also prevent reuse of a previous month's entitlements in
the current month to implement the protection against replay attacks described in the
Banker and Akins patent application supra.

Where further restrictions apply to an entitlement, DHCTSE 627 searches for that
information as well in entitlement agent information 1333. For example, if
blackout/spotlight field 2223 of the ECM indicates that a blackout applies to the service,
DHCTSE 627 uses blackout/spotlight information 2236 to determine whether the location
specified by x coordinate 1521 and y coordinate 1523 is within the square specified by
blackout/spotlight information 2236; if so, DHCTSE 627 does not decrypt control word
2235. When a spotlight applies, the procedure is of course the opposite: DHCTSE 627
decrypts the control word only if x coordinate field 1521 and y coordinate field 1523
specify a location within the square.

As previously noted, the techniques that are used to grant entitlements according to
geographical area may be generalized to various subsets of
customers. For example, entitlements may be conceptually represented in a Venn
diagram, blackout/spotlight information 2236 may specify an area in the Venn diagram
that represents the set of customers that are entitled to receive the service, and x
coordinate 1521 and y coordinate 1523 may specify the location of the customer in the
Venn diagram. One use of such an arrangement would be to restrict access to an instance
of a service according to a customer's desire that users of his or her DHCT not have
access to instances with objectionable content. In other embodiments, of course, more
coordinates or other ways of representing set membership could be used.
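
The authorization decision described in this section can be sketched in code. The following Python is an added illustration, not code from the patent: the class and function names, the numeric encoding of field 2223, the integer time values and the sample state are assumptions, and the 3DES step is left out so that only the search of list 1411, the expiration checks and the blackout/spotlight test are shown.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Encoding of blackout/spotlight field 2223 (numeric values are assumptions).
BS_NONE, BS_BLACKOUT, BS_SPOTLIGHT = 0, 1, 2

@dataclass
class MskNvsc:                       # MSK NVSC 1601
    msk_id: int                      # MSK ID 1603
    expiration: Optional[int]        # expiration date 1605; None = no_exp_dat 1607 set
    msk: bytes                       # MSK 1608

@dataclass
class EntitlementNvsc:               # entitlement list NVSC 1623 or bit map NVSC 1613
    entries: Dict[int, Optional[int]]   # entitlement ID -> expiration (None = none)

@dataclass
class EaInfo:                        # EA information 1333 of one entitlement agent
    eaid: int                        # EAID 1509
    x: int                           # x coordinate 1521
    y: int                           # y coordinate 1523
    nvscs: List[object] = field(default_factory=list)   # list 1411, in search order

@dataclass
class Ecm:
    eaid: int                        # EAID 2207
    msk_id: int                      # MSK ID 2213
    time_stamp: int                  # time stamp 2233
    entitlement_ids: Tuple[int, ...] # entitlement IDs 2245
    bs_mode: int = BS_NONE           # blackout/spotlight 2223
    x_centroid: int = 0              # x centroid 2239
    y_centroid: int = 0              # y centroid 2241
    radius: int = 0                  # blackout radius 2237

def unexpired(expiration: Optional[int], time_stamp: int) -> bool:
    """A cell is rejected when the ECM time stamp is more recent than its expiration."""
    return expiration is None or time_stamp <= expiration

def in_square(x: int, y: int, ecm: Ecm) -> bool:
    """Left and bottom lines are inside the area; top and right lines are not."""
    return (ecm.x_centroid - ecm.radius <= x < ecm.x_centroid + ecm.radius
            and ecm.y_centroid - ecm.radius <= y < ecm.y_centroid + ecm.radius)

def find_msk(ea: EaInfo, ecm: Ecm) -> Optional[bytes]:
    """First MSK NVSC with the ECM's MSK ID that has not expired, else None."""
    for cell in ea.nvscs:
        if (isinstance(cell, MskNvsc) and cell.msk_id == ecm.msk_id
                and unexpired(cell.expiration, ecm.time_stamp)):
            return cell.msk
    return None

def is_entitled(ea: EaInfo, ecm: Ecm) -> bool:
    """Logical OR over the list: an expired cell is skipped, not treated as a denial."""
    for cell in ea.nvscs:
        if not isinstance(cell, EntitlementNvsc):
            continue
        for eid in ecm.entitlement_ids:
            if eid in cell.entries and unexpired(cell.entries[eid], ecm.time_stamp):
                return True
    return False

def authorize(ea_list: List[EaInfo], ecm: Ecm) -> Optional[bytes]:
    """Return the MSK for decrypting control word 2235, or None to refuse."""
    ea = next((e for e in ea_list if e.eaid == ecm.eaid), None)
    if ea is None:
        return None
    msk = find_msk(ea, ecm)
    if msk is None or not is_entitled(ea, ecm):
        return None
    inside = in_square(ea.x, ea.y, ecm)
    if ecm.bs_mode == BS_BLACKOUT and inside:
        return None
    if ecm.bs_mode == BS_SPOTLIGHT and not inside:
        return None
    return msk

# Constructed sample state: times are plain integers, keys are dummy bytes.
EA_LIST = [EaInfo(eaid=7, x=54, y=92, nvscs=[
    MskNvsc(msk_id=1, expiration=100, msk=b"previous-month"),
    MskNvsc(msk_id=1, expiration=200, msk=b"current-month"),
    EntitlementNvsc({40: 100}),            # expired copy of entitlement 40
    EntitlementNvsc({40: 200, 41: None}),  # live copy; 41 never expires
])]

if __name__ == "__main__":
    print(authorize(EA_LIST, Ecm(eaid=7, msk_id=1, time_stamp=150, entitlement_ids=(40,))))
    print(authorize(EA_LIST, Ecm(7, 1, 150, (40,), BS_BLACKOUT, 57, 90, 3)))
```

An ECM replayed with a time stamp later than every stored expiration is refused because no unexpired MSK NVSC remains, which is the replay protection the section attributes to time stamp 2233.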

Event Services 

When the ECM accompanies an instance of an event, interpretation of the ECM takes
place as described above, except that the entitlement information for the event is
contained in an event NVSC 1701. DHCTSE 627 searches the entitlement information
1333 for the entitlement agent having the EAID that is in the ECM for an event NVSC
1701 containing an event descriptor 1703 with an entitlement ID 1713 that is the same as
one of the entitlement IDs 2245 in the ECM. If the event is a standard pay-per-view
event, DHCTSE 627 then examines the flags 1705 to determine whether the customer has
canceled the event and whether purchase of the event has been confirmed (always the case
with standard pay-per-view). The DHCTSE 627 then compares purchase time 1707 and
end time 1709 with time stamp 2233 to determine whether the time indicated by the time
stamp is within the period indicated by fields 1707 and 1709. If the examination of event
NVSC 1701 indicates that the customer is entitled to the event, DHCTSE 627 decrypts
control word 2235 as described above.

With IPPV or NVOD events, allow IPPV flag 2229 in the ECM must indicate that the
event is one that need not be purchased in advance. Free preview flag 2219 may also be
set to indicate that the portion of the event instance accompanied by the ECM is part of
the free preview, and cancel window flag 2231 may further be set to indicate that the
event can still be canceled. If free preview flag 2219 is set, DHCTSE 627 simply looks
for a MSK NVSC 1601 in EA information 1333 that contains the MSK specified by MSK
ID 2213 in the ECM. If the DHCTSE 627 finds one that is valid, it decrypts the control word.

If free preview flag 2219 is not set, DHCTSE 627 goes to the event NVSC 1701 having
the entitlement ID 1713 that is the same as one in ECM field 2245. If flags included in
flags 1705 indicate that purchase of the event has been confirmed and the event has
not been canceled, DHCTSE 627 decrypts control word 2235. If the event has not been
canceled and has not been confirmed, but time stamp 2233 indicates a time that is within
a predetermined period after purchase time 1707 indicated in event descriptor 1703,
DHCTSE 627 also decrypts control word 2235. It is by this means that the service
instance continues to be decrypted between the time the FPM is sent to the entitlement
agent and the time the entitlement agent returns the acknowledge IPPV/NVOD event
EMM. This causes the confirmation flag to be set in flags 1705.

Cancellation of Entitlements to Events: FIGs. 17, 19, and 22 

Whether a user can cancel a previously purchased entitlement to an IPPV/NVOD event 
that he or she has purchased preferably depends on the event. There are three 
possibilities: 

• the entitlement can be canceled up to two minutes past purchase; 

• the event can be canceled during a period of time termed a cancellation window;
or 

• the event cannot be canceled. 

Which of the three possibilities is associated with a given event is determined by the
purchasable entitlement data 1913 in the GBAM that accompanies the event. One flag in
flags 1917 indicates whether the event can be canceled; another indicates whether
cancellation is possible in a cancellation window. If neither flag is set, the event cannot
be canceled. When DHCTSE 627 makes an event descriptor 1703 for the event, the
values of the flags in the GBAM are used to set flags in flags 1705 which indicate
whether the event may be canceled or during a cancellation window only. Again, if
neither flag is set, the event cannot be canceled.

The user cancels an event by requesting cancellation via customer input 628 to DHCT
333. When DHCT 333 receives the input, it provides a cancellation request, including the
EAID and entitlement ID for the instance, to DHCTSE 627, which uses the EAID and the
entitlement ID to locate the event NVSC 1701 that contains event descriptor 1703 for the
event. If the flags in flags 1705 indicate that the entitlement cannot be canceled,
DHCTSE 627 indicates that fact to DHCT 333, which then indicates that the entitlement
is not cancelable to the user. If the flags indicate that [...]
DHCTSE 627 simply sets the canceled flag in event descriptor 1703. If the flags indicate
that the entitlement can be canceled only during a cancellation window, and an ECM
indicating the cancel window has ended has not yet been received, DHCTSE 627 sets the
cancel flag in event descriptor 1703; otherwise, it indicates to DHCT 333 that the
entitlement cannot be canceled, and DHCT 333 so informs the user. If the event has been
canceled, DHCTSE 627 clears the acknowledged flag, which action causes a new FPM to
be sent to the entitlement agent for the event. The entitlement agent responds to the FPM
by adjusting its billing as required by the cancellation and sending a new acknowledge
EMM.
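
The event handling described under Event Services and in this section, as an added Python illustration that is not code from the patent. The flag bit values, the ten-minute grace period, the `ippv` argument, the `window_ended` and `fpm_pending` bookkeeping and the treatment of the acknowledged flag as the confirmation flag are assumptions; the two-minute limit of the first possibility is not modelled because the text does not say where it is checked.

```python
from dataclasses import dataclass

# Bits in flags 1705 of event descriptor 1703 (the bit values are assumptions).
CONFIRMED, CANCELED, CANCELABLE, WINDOW_ONLY = 1, 2, 4, 8
# "Predetermined period" after purchase time 1707, in minutes (value is an assumption).
GRACE_MINUTES = 10

@dataclass
class EventNvsc:                    # event NVSC 1701
    entitlement_id: int             # entitlement ID 1713
    purchase_time: int              # purchase time 1707 (minutes)
    end_time: int                   # end time 1709 (minutes)
    flags: int = 0                  # flags 1705
    window_ended: bool = False      # an ECM signalling the end of the cancel window was seen
    fpm_pending: bool = False       # a new FPM must be sent to the entitlement agent

def may_decrypt(ev, time_stamp, *, ippv, allow_ippv=False,
                free_preview=False, msk_valid=True):
    """Decide whether control word 2235 is decrypted for an ECM of this event."""
    if not msk_valid:                              # a valid MSK NVSC is always required
        return False
    confirmed = bool(ev.flags & CONFIRMED)
    canceled = bool(ev.flags & CANCELED)
    if not ippv:                                   # standard pay-per-view
        return (confirmed and not canceled
                and ev.purchase_time <= time_stamp <= ev.end_time)
    if not allow_ippv:                             # allow IPPV flag 2229 must be set
        return False
    if free_preview:                               # free preview 2219: the MSK is enough
        return True
    if canceled:
        return False
    if confirmed:
        return True
    # Purchased but not yet acknowledged: keep decrypting while the FPM is in flight.
    return ev.purchase_time <= time_stamp <= ev.purchase_time + GRACE_MINUTES

def request_cancel(ev):
    """Handle a cancellation request; return True if the event is now canceled."""
    if ev.flags & WINDOW_ONLY:
        if ev.window_ended:                        # window closed: refuse
            return False
    elif not (ev.flags & CANCELABLE):
        return False                               # neither flag set: cannot be canceled
    ev.flags |= CANCELED
    ev.flags &= ~CONFIRMED                         # clearing it causes a new FPM to be sent
    ev.fpm_pending = True
    return True

def extend_event(ev, minutes):
    """GBAM 1801 time extension: add the minutes to end time 1709."""
    ev.end_time += minutes

def demo():
    """Constructed walk-through; times are minutes on an arbitrary clock."""
    ev = EventNvsc(entitlement_id=5, purchase_time=1000, end_time=1120, flags=WINDOW_ONLY)
    steps = [may_decrypt(ev, 1005, ippv=True, allow_ippv=True)]      # inside grace period
    steps.append(may_decrypt(ev, 1011, ippv=True, allow_ippv=True))  # grace over, unconfirmed
    ev.flags |= CONFIRMED                                            # acknowledge EMM arrived
    steps.append(may_decrypt(ev, 1011, ippv=True, allow_ippv=True))
    steps.append(request_cancel(ev))                                 # window still open
    steps.append(may_decrypt(ev, 1012, ippv=True, allow_ippv=True))
    return steps

if __name__ == "__main__":
    print(demo())
```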

Interactive Sessions

The chief difference between broadcast services and interactive services is that each
session of the interactive service has its own interactive session key, which is contained in
the interactive session NVSC for the interactive session. The NVSC for the interactive
session also contains the entitlement ID for the interactive session. In an ECM that
accompanies the MPEG-2 stream for an interactive session, MSK ID field 2213 is set to a
value which indicates that the MPEG-2 stream is to be decrypted using an interactive
session key. When DHCTSE 627 interprets such an ECM, it uses entitlement ID 2245 to
find the NVSC for the interactive session and then uses the interactive session key
contained in the NVSC to decrypt control word 2235.

Detailed Description of Transaction Encryption Device 603: FIGs. 24 and 25

Each CAA that can authorize entitlement agents in digital broadband delivery system 501
and each EA that can grant entitlements in system 501 has a Transaction Encryption
Device or TED 603 in system 501. Preferably, each CAA or EA has its own separate
TED in system 601. Alternatively, the TEDs could be combined in one device. The TED
603 stores the secret keys used by the entity to which it belongs and has hardware and
software to do encryption, decryption, key generation, and authentication as required by
the entity. The keys are kept secure [...] TED without a user interface or
user I/O devices, by implementing it in a tamper resistant container, by connecting the
TED only to the DNCS and using a secure link for that connection, and by keeping the
TED in a physically secure environment such as a locked room.

In the case of a TED 603 for a CAA, the TED 603 stores the private keys corresponding
to the three public keys representing the CAA in the DHCTs 333, encrypts and provides
sealed digests for EMMs from the CAA to the DHCTs 333, and decrypts and
authenticates messages from the DHCTs 333 to the CAA. In the case of a TED 603 for
an EA, the EA TED does the following:

(1) stores the public and private keys for the EA and the MSKs for the EA;

(2) generates the EA public and private keys and the MSKs;

(3) encrypts and prepares sealed digests for the EMMs sent on behalf of the EA;

(4) prepares the shared secret digests used to authenticate global broadcast messages;

(5) provides the MSKs to SEES module 620 for use in encrypting instances of
services;

(6) generates interactive session keys (ISKs) for interactive session EMMs and
provides them to SEES module 620 for use in encrypting the interactive session; and

(7) decrypts FPMs and other messages sent from DHCT 333 to the entitlement agent.

TED 603 in Conditional Access System 601: FIG. 24

FIG. 24 shows the relationship between a number of TEDs 603 and the rest of conditional
access system 601. Portion 2401 of conditional access system 601 includes a CAA TED
2427 for a CAA that authorizes entitlement agents in system 601. Portion 2401 also
includes one EA TED 2425 for each of the n+1 entitlement agents which the CAA has
currently authorized for DHCTs 333 in digital broadband delivery system 501.
Alternatively, all EA TED 2425 functions could be combined into a single TED, which
could include the CAA TED 2427 function. Each TED is kept in a physically secure area
2428 and is connected to DNCS 507 by a secure high-speed link 2423 that connects only
DNCS 507 and the TEDs 603. In the preferred embodiment, the secure link is a secure
Ethernet link. DNCS 507 uses TED 603 to encrypt EMMs, to decrypt FPMs, to generate
EA public and private keys, to generate MSKs and ISKs, and to prepare global broadcast
message digests. DNCS 607 has a remote procedure call interface to the TEDs 603 for
performing these operations, and, consequently, programs executing on DNCS 607 can
use the facilities of a TED simply by making a procedure call.

DNCS 507 is the sole connection between a given TED 603 and the rest of conditional 
access system 601. DNCS 507 is connected by a network 2415 to systems belonging to
the CAA and the various EAs. Each of these entities has a database containing 
information relative to its function. CAA 2405 has CAA database 2403, which contains 
at least the CAA's three public keys and encrypted versions of the corresponding three 
private keys, the entitlement agent identifiers for the entitlement agents that the CAA 
authorizes, and a per-DHCT database that contains the names, types, and numbers of the 
NVSCs that the CAA has allocated to each entitlement agent authorized for the DHCT. 

Each EA 2409(i) has its own EA database 2407(i). EA database 2407(i) preferably
contains the EAID for the EA, a list of the MSK IDs and expiration dates for the MSKs
that the EA is currently using, and a database of the services and/or instances that the EA
is providing. This database of services contains at least the entitlement ID for each
service. EA database 2407(i) also includes a per-DHCT database of the entitlement IDs,
entitlement expiration times, and MSK IDs for the entitlements and MSKs sent in EMMs
to the DHCT. The per-DHCT database may also contain customer billing information
such as the information required to deal with the purchase information in an FPM.

Key certification authority 2413 is an entity which certifies the public keys of DHCTs 333
to DNCS 507. In a preferred embodiment, key certification authority 2413 is maintained
by the manufacturer of DHCTs 333. DHCT key database 2411 contains a database of
DHCT serial numbers and their public keys. When a user of a DHCT 333 wishes to
purchase an instance of a service offered by an EA, the user sends a purchase order to the
EA with the serial number (which is also the IP address) of the DHCT 333. The EA
provides the serial number to DNCS 507, which maintains a database 2421 of DHCT
public keys by serial number. If the serial number is not in the database, DNCS 507
sends a request for the public key to KCA 2413. The request contains the serial number,
and the key certification authority responds to the request by sending a digitally signed
message 2412 to DNCS 507. This message contains the DHCT's public key. DNCS 507
has the public key for the key certification authority and uses the public key and the
digital signature to confirm the authenticity of the DHCT public key in the message. If
the public key is authentic, DNCS 507 places it in public key database 2421.

DNCS 507 is further connected via another high-speed link 2417 to SEES 620, which is
provided with MSKs for encrypting instances of services. Additionally, DNCS 507
provides global broadcast messages (GBAMs) and EMMs for broadcast via transport link
517 to the DHCTs 333. Finally, DNCS 507 is connected via the reverse path provided by
LAN interconnect device 617 to the DHCTs 333 and receives FPMs from the DHCTs
333. In other embodiments, DHCT 333 may also send EMMs to DHCTs 333 by this
route.

Data flows in portion 2401 are shown by labels on the arrows connecting the components.
Thus, an EA 2408(i) sends unencrypted contents 2410 of EA EMMs and global broadcast
messages to DNCS 507 and receives unencrypted contents 2412 of FPMs for the EA from
DNCS 507. With EA EMMs and global broadcast messages, DNCS 507 uses EA TED
2425(i) to do the necessary encryption, digest making, and key generation and then sends
the encrypted and authenticated EMMs and global broadcast messages, as well as the
MSKs, to SEES 620, as shown at 2426 and 2418. In the case of EMMs, which are
repeatedly sent over an extended period of time to the DHCTs, DNCS 507 stores the
encrypted EMMs in EMM database 2420 and provides them to SEES 620 from there.
With FPMs, DNCS 507 uses the EA TED 2425(j) for the EA 2409(j) to which the FPM is
addressed to do the decryption and authentication and sends decrypted FPM contents
2412 to EA 2409(i). DNCS 507 treats CAA EMMs the same way as EA EMMs, except
that the encryption and digest making is done using CAA TED 2427.

DNCS 507 also contains a database of encrypted entity information 2419, which
comprises encrypted copies of the private keys and MSKs stored in the TEDs 609 that are
connected to DNCS 507. This encrypted entity information is used to restore a TED if a
malfunction or the physical destruction of the [...]
information. The encryption is done in the TED using a pass phrase. When the
information has been encrypted, it is output to DNCS 507 and stored in database 2419;
when the TED is restored, the information is input together with the pass phrase to the
TED, which then decrypts the key information.

Detailed Implementation of TED 2425(i): FIG. 25 

FIG. 25 is a detailed block diagram of a preferred embodiment of an EA TED 2425(i). In
the preferred embodiment, EA TED 2425(i) is implemented using a standard computer
motherboard and chassis with a standard Ethernet board and additional means for
accelerating RSA encryption and decryption.

As shown in FIG. 25, the main components of TED 2425(i) are CPU 2501, memory 2505,
a hardware random number generator 2537, an Ethernet board 2541, and a number of
RSA accelerator boards 2539(0..n), all interconnected by bus 2503. The use of more
than one RSA accelerator board 2549 permits RSA encryption and/or decryption in
parallel; in consequence, the preferred embodiment of TED 2425(i) is capable of
encrypting a plurality of EMMs very rapidly, e.g., within a second, while also performing
other operations involving encryption, digest making, or decryption at a similar rate.

Memory 2505 contains EA information 2507, which is the public and private key for the
entitlement agent to which TED 2425(i) belongs, the MSKs for the EA, and code 2523,
which is the code executed by CPU 2501. The parts of memory 2505 which contain code
2523 and EA information 2507 are non-volatile, with the part containing code 2523 being
read-only and the part containing EA information 2507 being both readable and
writable. The code which is of interest to the present discussion includes:

(1) MSK generating code 2525, which generates MSKs and ISKs from random
numbers provided by random number generator 2537;

(2) RSA key generator 2517, which generates public and private RSA keys from
random numbers;

(3) MD5 code 2529, which performs the MD5 algorithm;

(4) 3DES code 2531, which does 3DES encryption and decryption;

(5) GBAM authorization code 2533, which makes the shared-secret digest used to
authenticate global broadcast messages;

(6) RSA encryption/decryption code 2535, which performs RSA
encryption/decryption with the assistance of RSA hardware 2539;

(7) EA information encryption code 2536, which encrypts EA information 2507 with
a pass phrase for storage in DNCS 507;

(8) EMM code 2538, which produces encrypted and authenticated EMMs; and

(9) FPM code 2540, which decrypts and checks FPMs.

EA information 2507 contains the information needed to do the encryption and
authentication of GBAMs and EMMs sent on behalf of the EA represented by TED
2425(i). EA information 2507 also facilitates and contains information for decryption and
authenticity checking on FPMs directed to that EA. In a preferred embodiment, EA
information 2507 includes at least: (1) EAID 2509, which is the EAID for EA 2409(i),
EA Ku 2511 and EA Kr 2513, which are the public and private keys respectively for EA
2409(i); and (2) an MSK entry (MSKE) 2515 for each MSK being used by EA 2409(i) in
conditional access system 601 to which TED 2425(i) belongs. Each MSKE 2515
contains MSK identifier 2517 for the MSK, the expiration time 2519, if any, for the MSK,
MSK parity 2520 for the MSK, and MSK 2521 itself.

Operations Performed by EA TED 2425(i)

When EA TED 2425(i) is initialized, it is provided with the EAID for the EA to be
represented by TED 2425(i). It stores the EAID at 2509 and uses RSA key generation
code 2517 and a random number from random number generator 2537 to generate EA
public key 2511 and EA private key 2513, which are stored in EA Information 2507. A
Remote Procedure Call (RPC) permits DNCS 507 to read EA public key 2511. Other
RPCs permit DNCS 507 to read TED 2425(i)'s serial number, to get and set TED
2425(i)'s system time, and to call TED 2425(i) to determine whether it is responding.
TED 2425(i) responds to this call with its serial number. EA TED 2425(i) also reports a
number of alarm conditions to DNCS 507. These include encryption partial and total
failure, random number generation failure, memory failure, and TED and Ethernet
overload.

Continuing with the encryption and authentication of EMMs, DNCS 507 has two RPCs,
one for EMMs generally and one for MSK EMMs. When DNCS 507 is to make a
non-MSK EMM for EA 2409(i), it receives the following from EA 2409(i):

(1) the serial number of the DHCT 333 which is the destination of the EMM;

(2) an EAID for EA 2409(i);

(3) the EMM's type; and

(4) the information needed for an EMM of that particular type, for example, an
entitlement bit map together with the first entitlement ID, the expiration date, and the
no-expiration date flag.

DNCS 507 uses the serial number to look up the public key for the DHCT 333 in public
key database 2421, uses the EAID to determine which TED 2425 to use, formats the
information as required for an EMM of this type, and provides the formatted information
(1123, 1125, and 1127 in FIG. 11) via the RPC to TED 2425(i) together with the DHCT's
public key. EMM code 2538 then uses MD5 code 2529 to make a digest of the formatted
information and uses RSA E/D code 2535 to encrypt the formatted information with the
DHCT's public key and encrypt the digest with private key 2513 for the EA. The
encrypted formatted information and the encrypted digest are provided to DNCS 507,
which adds whatever else is necessary and places the EMM in EMM database 2420.

For an MSK EMM, DNCS 507 receives the EAID, the DHCT serial number, the EMM
type, the MSK parity, the MSKID, and any expiration date from EA 2409(i). DNCS 507
then retrieves the DHCT serial number, formats the information, and makes the RPC call
as just described. In this case, EMM code 2538 looks in EA Information 2507 to find the
MSK corresponding to the MSKID and adds the MSK to the formatted information.
Then EMM code 2538 uses MD5 code 2529 to make a digest of the formatted
information; EMM code 2538 then uses RSA encryption/decryption code to encrypt the
formatted information with the DHCT's public key and encrypt the digest with the EA's
private key and returns the EMM to DNCS 507, as described above.

The interface for giving a global broadcast message its authentication information
requires the MSKID of the MSK that is to be the shared secret and the contents of the
global broadcast message. GBAM authorization code 2533 in TED 2425(i) uses the
MSKID to locate MSKE 2525 for the MSK, combines MSK 2521 with the contents of the
global message (GBAM header 1807 and global broadcast data 1809 in FIG. 18), and
uses MD5 code 2529 to produce the digest (GBAM MAC 1805), which it returns to
DNCS 507.
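The GBAM MAC step just described, together with the matching check a receiver makes, shown as an added Python example that is not code from this application. It assumes that "combines" means concatenating MSK, header and data in that order, that the header has a fixed 8-byte length, and that times are integers; every class and function name is hypothetical.

```python
"""GBAM MAC sketch: MD5 digest over shared-secret MSK + GBAM header + broadcast data."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Optional

HEADER_LEN = 8  # ASSUMPTION: fixed-length header keeps the header/data boundary unambiguous


@dataclass(frozen=True)
class MSKE:
    """One MSK entry: identifier, optional expiration time, parity, and the MSK itself."""
    msk_id: int
    expiration: Optional[int]  # None means no expiration
    parity: int
    msk: bytes


class MskStore:
    """Holds MSKEs keyed by MSKID, as EA information does in the TED."""

    def __init__(self) -> None:
        self._entries: Dict[int, MSKE] = {}

    def put(self, entry: MSKE) -> None:
        # A new MSKE for an existing MSKID replaces the old entry.
        self._entries[entry.msk_id] = entry

    def get_live(self, msk_id: int, now: int) -> Optional[MSKE]:
        entry = self._entries.get(msk_id)
        if entry is None:
            return None
        # ASSUMPTION: an expired MSK is treated as absent on both sides.
        if entry.expiration is not None and now >= entry.expiration:
            return None
        return entry


def _digest(msk: bytes, header: bytes, data: bytes) -> bytes:
    if len(header) != HEADER_LEN:
        raise ValueError("GBAM header must be exactly HEADER_LEN bytes")
    # ASSUMPTION: the combination is plain concatenation in this order.
    return hashlib.md5(msk + header + data).digest()


def make_gbam_mac(store: MskStore, msk_id: int, header: bytes, data: bytes, now: int) -> bytes:
    """TED side: locate the MSKE by MSKID and return the digest to the caller."""
    entry = store.get_live(msk_id, now)
    if entry is None:
        raise KeyError(f"no usable MSK for MSKID {msk_id}")
    return _digest(entry.msk, header, data)


def verify_gbam(store: MskStore, msk_id: int, header: bytes, data: bytes,
                mac: bytes, now: int) -> bool:
    """Receiver side: recompute the digest from the stored MSK and compare."""
    entry = store.get_live(msk_id, now)
    if entry is None or len(header) != HEADER_LEN:
        return False
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(_digest(entry.msk, header, data), mac)


if __name__ == "__main__":
    store = MskStore()
    store.put(MSKE(msk_id=7, expiration=2000, parity=0, msk=b"\x01" * 16))  # constructed key
    header, data = b"GBAMHDR1", b"constructed broadcast data"
    mac = make_gbam_mac(store, 7, header, data, now=1000)
    print("valid:", verify_gbam(store, 7, header, data, mac, now=1000))
    print("tampered:", verify_gbam(store, 7, header, data + b"!", mac, now=1000))
    print("expired:", verify_gbam(store, 7, header, data, mac, now=2000))
```

This mirrors the MD5 construction named in the text; a design written today would use HMAC with a current hash function for the same role.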

With messages sent from the DHCT 333 to the EA, such as the forwarded purchase
message, the IP packet in which the message is sent includes the IP address of the DHCT
333 which is the source of the message, and that in turn includes the serial number of
DHCT 333. DNCS 507 uses the serial number to locate the public key for DHCT 333 in
public key database 2421 and provides the public key to TED 2425(i) together with
encrypted envelope key 2103, CA FPM message 2105, and FPM signed authentication
2107 from the FPM. FPM code 2540 then:

(1) uses EA public key 2511 and RSA encryption/decryption code 2535 to decrypt
FPM encrypted envelope key 2103;

(2) uses 3DES code 2531 and the decrypted envelope key to decrypt FPM encrypted
events 2113;

(3) uses RSA encryption/decryption code 2535 and the public key for DHCT 333 to
decrypt FPM authentication 2107; and

(4) uses the decrypted encrypted events with MD5 code 2529 to produce a new hash
which it compares with the decrypted value of FPM authentication 2107.

If this comparison indicates that the FPM is authentic, TED 2425(i) returns the decrypted
events to DNCS 507, which in turn forwards them to EA 2409(i).

The MSKs in MSK 2515 are generated by TED 2425(i). The interface for MSK
generation simply requires the MSKID for the new MSK, the parity for the new MSK,
and any expiration time. MSK generation code 2525 receives a random number from
random number generator 2537 and uses it to generate the new MSK. Then the MSKE
2515 for the new MSK is made and added to EA information 2507. If there is already an
MSKE 2525 for the MSKID for the new MSK, the new MSKE replaces the existing
MSKE. TED 2425(i) also generates interactive session keys for the add interactive
session EMM. Key generation is as described for the MSK EMM; once TED 2425(i)
has provided the EMM content with the encrypted key to DNCS 507, it overwrites the
area in memory 2505 where the interactive session key was stored.

CAA TEDs 

CAA TEDs 2427 have the same hardware as EA TEDs, but in the preferred embodiment,
they only encrypt the CAA EMMs used to establish an entitlement agent in a DHCT 333.
EMM encryption is done exactly as described for EA TEDs. The only keys required for
encrypting and authenticating CAA TEDs are the DHCT 333's public key and the CAA's
private key. They therefore need only store one of the three public-private key pairs that
represent the CAA. The CAA public-private key pair is generated elsewhere. The private
key is encrypted using a pass phrase that is provided to CAA TED 2405 along with the
key pair. CAA TED then decrypts the private key and stores the decrypted private key,
but not the pass phrase, in memory 2505. The encrypted private key, but not the pass
phrase, is stored in encrypted entity information 2419 in DNCS 507 as well.

Authenticating Data for Applications Running on DHCT 333: FIG. 23 
The foregoing has disclosed how conditional access system 601 uses the conditional
access authority, the entitlement agents, DHCTSE 627, and transaction encryption device
603 to provide security for its own operations and for the keys and entitlement
information required to decrypt an instance of a service. Another function of conditional
access system 601 is that of ensuring secure data downloads for applications executing on
DHCT 333. There are two paths by which data may be downloaded: (1) in an MPEG-2
stream via the high bandwidth path running from SEES 619 via transport network 517 to
HFC network 521 to DHCT 333, and (2) in IP packets via the lower bandwidth path
running from control suite 60? via LAN interconnect device 617 and QPSK modulator
621 to HFC network 521 and DHCT 333.

As with the data used in conditional access system 601, there are two aspects to the
problem: security and authentication. Security may be attained by encrypting the data. In
the case of data delivered by the high bandwidth path, encryption may be either by DES
using an MSK when the data is intended for all DHCTs 333 having a given entitlement
agent or by means of the public key for the DHCT when the data is intended for a specific
DHCT 333. In the case of data delivered via the lower bandwidth path, the data is
addressed to the IP address of a specific DHCT 333 and may be encoded with the public
key of the DHCT 333. In the case of encryption with an MSK, the MSK is provided by
transaction encryption device 603, and, in the case of encryption with the public key of
the DHCT 333, transaction encryption device 603 can provide the key or do the
encryption itself. DHCTSE 627 contains the keys needed to do the necessary decryption
in DHCT 333.

The authenticating entities in conditional access system 601 comprise the conditional
access authority and the entitlement agents. Authentication of downloaded data is done in
the same fashion as in EMMs, namely by using a one-way hash function to make a digest
of the downloaded data and then encrypting the digest with the private key of the
authenticating entity to make a sealed digest. In the preferred embodiment, the sealed
digest is made in transaction encryption device 603. When the downloaded data arrives
in DHCT 333, DHCTSE 627 uses the public key of the authenticating entity to decrypt
the sealed digest and then uses the one-way hash function to again hash the downloaded
data. If the downloaded data is authentic and has not been corrupted in transit, the
decrypted sealed digest and the result of hashing the data in the one-way hash function
will be equal. It should be noted at this point that the authentication is done not by the
originator of the data, but rather by a CAA or EA that is known to the digital broadband
delivery system. Moreover, because the CAA or EA is already known to DHCT 333,
downloading of authenticated data to DHCT 333 can occur without intervention of the
user of DHCT 333.

There are many ways of relating the authentication to the data being authenticated. One
way is to use a GBAM as described above with regard to FIG. 20. In such a case, the
GBAM payload 2003 would be the digest for the data being downloaded and entitlement
agent 2005 would encrypt the digest with its private key as well as making a digest using
payload 2003 and an MSK. Another way is to simply send a message via the MPEG-2
transport stream or using an IP packet that contained an authentication portion as well as
the data.

One kind of data that can be downloaded using the above techniques is code to be
executed by the general purpose processor in DHCT 333. The memory used by the
processor includes a portion which is flash memory. That is, the memory cannot be
written to like ordinary writable memory, but can be rewritten only as a whole. Such
memory is typically used to hold downloadable code. FIG. 23 shows a message
containing downloadable code. Code message 2301 has two parts: authentication part
2303 and code part 2305. Code part 2305 contains encrypted or unencrypted code, as the
situation requires. Authentication part 2303 contains at least two items of information:
authenticator identifier (AID) 2307 and sealed digest 2309. Authenticator identifier 2307
is the CAAID or EAID for the conditional access authority or entitlement agent that is
authenticating code 2305; sealed digest 2309 is made by hashing code 2305 in a one-way
hash function to make a digest and then encrypting the digest with the private key of the
CAA or EA that is authenticating the code. SD 2309 is produced in a preferred
environment by a transaction encryption device 605.

Code message 2301 can be sent either in an MPEG-2 transport stream or as an IP packet.
Message 2301 may be broadcast to any DHCT 333 that has the authenticating CAA or
EA, or it may be sent to a specific DHCT 333. In that case, the packet(s) carrying code
message 2301 will include an address for DHCT 333. In the preferred embodiment, the
address is DHCT 333's serial number. When code message 2301 arrives in the DHCT
333 for which it is intended, code executing on the processor performs the one-way hash
function on code 2305 and provides the result together with AID 2307 and sealed digest
2309 to DHCTSE 627. DHCTSE 627 uses AID 2307 to locate the public key for the
CAA or EA and then uses the public key to decrypt sealed digest 2309. Finally, it
compares the hash value in decrypted sealed digest 2309 with that provided by the code
executing on the processor, and, if they are equal, DHCTSE 627 signals that the code has
been authenticated.

Public Key Hierarchy (FIG. 28)

The various elements of the system described herein collectively implement a public key
hierarchy 2801 within the network. This is advantageous because such a hierarchy can be
used to establish the "trust chains" that support scaleable and spontaneous commercial
interaction between DHCTs 333 and other networks that employ public key-based
security, such as the Internet. It can also be used to establish trust in user commercial
interactions with the DBDS 501.

FIG. 28 shows the hierarchy of public key certification in the DBDS. There are two
independent "trust chains" shown. On the left hand side is the "DHCT chain", which
establishes the validity of the public keys associated with DHCTs 333 and enables trusted
use of digital signatures made by the DHCT 333. On the right hand side is the "Operator
chain", which establishes the validity of public keys associated with the network operators
and the subtending EAs within each system and enables trusted use of signatures of these
entities.

The DHCT signature 2806 may be used as described elsewhere herein to authenticate
messages sent from the DHCT 333. However, for recipients to be able to trust such
DHCT signatures as authentic, they must know with certainty that the public key claimed
to be associated with DHCT 333 is in fact the true key which matches with the DHCT's
private key. This is accomplished by certifying the DHCT certificate 2806 with the
factory programmer certificate authority (FPCA) signature. The FPCA signature can be
trusted because reference can be made to FPCA certificate 2805. The DHCT certificates
2806 and the FPCA signature as well as the FPCA certificate 2805 are preferably made at
the manufacture time of DHCT 333 in a secure way. Since it may be necessary over time
to issue new FPCA certificates and use new FPCA signatures, each FPCA certificate is
also certified with a signature of the DHCT Root which may have its own certificate
2804. Said DHCT root certificate 2804 may either be self-signed or may be certified by
another authority. DHCT root signature is preferably administered in a highly
tamper-resistant device, such as one that meets the requirements of FIPS 140-1 Level 3
certification.

In the operator chain, the various EA certificates 2803 are used to make signatures in the
manner described elsewhere herein. Likewise, the Operator CAA signature using the
Operator CAA certificate 2802 is used to certify each EA signature as described
previously herein. Above the operator CAA signature, two Root CAA signatures may be
used to introduce an operator CAA 2802 to a DHCT 333 in a secure way. In fact,
preferably at manufacture time, there are three Root CAA public keys placed into the
secure NVM of the DHCT 333. Then, authentic messages from any two of the Root
CAAs may be used to replace the third Root CAA public key with that of the Operator
CAA whose key is certified in Operator CAA certificates 2802. The Root CAA is
preferably administered by the manufacturer in a tamper-resistant device that meets or
exceeds the requirements of FIPS 140-1 Level 3 certification. It is possible, however,
through an appropriate sequence of messages, to change all of the Root CAA public keys
to be those of other CAAs that the manufacturer has no control over. It is thus possible to
remove the manufacturer from the signature chain. In this case, the Root CAA can be
some other organization approved by one or more operators or it may be administered by
an operator.

As shown in FIG. 28 and described elsewhere herein, each operator may have a plurality
of EAs. In a preferred embodiment, there is a different EA and an associated EA
certificate 2803 for every operating site of any given operator. This ensures that DHCTs
cannot be migrated between operational sites without the knowledge and participation of
the operator CAA signature 2802.

The geo-political CA certificate 2807 shown in FIG. 28 is not required to operate the
normal conditional access and electronic activities of the operator. However, the operator
may desire to link its signature chain into a larger chain to be able to participate or have
DHCTs 333 participate in transactions involving entities outside of the operator's DBDS.
In this case, the signature chains may be readily linked to those of geo-political CA and
its signature 2807 by having the public keys of one or all of the DHCT root signature
2804, the Root CAA signature 2808 or operator CAA signatures 2802 certified by the
geo-political CA signature. This is accomplished by having a certificate placed in a
database for each of the public keys associated with signatures 2804, 2808 and 2802.
Said certificate is signed with the private key of the geo-political CA 2807.



FIG. 29 shows an EMM generator 2901. As described elsewhere herein, it is preferred
that DHCTs 333 that are operated by different operators in different DBDS instances are
controlled by an operator CAA that is specific to that operator and system. Since DHCTs
333 at manufacture time are not configured to be controlled by any operator CAA, but
instead are controlled by three Root CAAs the public keys of which are placed in the
memory of the secure processor during manufacture, they must be reconfigured for
control by different operators. This must be done securely. As described elsewhere
herein, messages bearing the digital signatures of two of the Root CAAs can be used to
reconfigure the terminal with respect to the third CAA. The EMM generator 2901 is used
to produce one of the two messages needed to introduce a new Operator CAA public key
in a certified way to the DHCT 333. DHCT public key certificates 2902 are input to the
EMM generator so that it may know for which DHCTs messages are to be made. The
DHCTs that will be controlled by a specific operator may be placed in a separate file of
the input device or may be associated with an operator in other ways clear to those skilled
in the art.

Prior to generating introductory EMMs 2903, certified public keys of the various
operators served by the EMM Generator 2901 are loaded into the public key memory
2904 of the EMM Generator 2901. Thus, when EMM generator 2901 reads input of
DHCTs needed to be introduced to Operator A, the EMM generator uses the public key of
Operator A read from memory 2904 to produce EMMs containing the public key of
Operator A. Likewise, prior to generating introductory EMMs 2903, the private keys of
the Root CAAs must be loaded into the private key memory 2905 of the EMM generator
2901. Said EMMs are digitally signed by the EMM Generator 2901 using the private
keys of the Root CAAs contained in memory 2905. Since private signing keys are
contained in memory 2905 of EMM Generator 2901, the EMM Generator 2901 must be
implemented in a secure fashion that prevents discovery of the values of the Root CAA
private keys stored in memory 2905. EMM Generator 2901 should thus be implemented
in a tamper-resistant device which meets the requirements of FIPS 140-1 Level 3 or
higher.

Since two Root CAA private keys must be used to sign separate CAA Introductory 
EMMs 2903, there are preferably two EMM Generators 2901 implemented, one each for 
each of the two Root CAA private keys. It is also preferred that EMM generators 2901 
are operated in separate physical facilities. 
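The two-of-three Root CAA introduction described here and in the operator-chain discussion above, modelled as an added Python example that is not code from this application. It uses the sealed-digest check from the text with textbook RSA over constructed toy keys, leaves out encryption to the DHCT, and assumes a hypothetical message layout, slot numbering and status strings.

```python
"""Two-of-three Root CAA introduction, modelled with textbook RSA sealed digests."""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

PubKey = Tuple[int, int]   # (n, e)
PrivKey = Tuple[int, int]  # (n, d)
E = 65537


def toy_keypair(p_bits: int, q_bits: int) -> Tuple[PubKey, PrivKey]:
    # CONSTRUCTED demo keys from Mersenne primes 2**k - 1 (k in 61, 89, 107, 127).
    # Unpadded and far too structured for real use; they only make the flow runnable.
    p, q = (1 << p_bits) - 1, (1 << q_bits) - 1
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest_int(data: bytes) -> int:
    # MD5 because that is the one-way hash the page names.
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def seal(priv: PrivKey, data: bytes) -> int:
    """Sealed digest: the digest encrypted with the signer's private key."""
    n, d = priv
    return pow(digest_int(data), d, n)


def seal_matches(pub: PubKey, data: bytes, sealed: int) -> bool:
    """Decrypt the sealed digest with the public key and compare with a fresh hash."""
    n, e = pub
    return 0 <= sealed < n and pow(sealed, e, n) == digest_int(data)


@dataclass(frozen=True)
class IntroEMM:
    signer_slot: int   # Root CAA slot that claims to have signed
    target_slot: int   # slot whose key is to be replaced
    new_pub: PubKey    # Operator CAA public key being introduced
    sealed: int


def intro_body(target_slot: int, new_pub: PubKey) -> bytes:
    # HYPOTHETICAL layout: the signature covers both the target slot and the new key.
    n, e = new_pub
    return b"CAA-INTRO" + bytes([target_slot]) + n.to_bytes(64, "big") + e.to_bytes(4, "big")


def make_intro(signer_slot: int, signer_priv: PrivKey, target_slot: int,
               new_pub: PubKey) -> IntroEMM:
    """EMM generator side: one generator holds one Root CAA private key."""
    return IntroEMM(signer_slot, target_slot, new_pub,
                    seal(signer_priv, intro_body(target_slot, new_pub)))


class SecureElement:
    """Receiver side: three CAA key slots in NVM, replaced only on two agreeing messages."""

    def __init__(self, root_pubs: List[PubKey]) -> None:
        if len(root_pubs) != 3:
            raise ValueError("exactly three Root CAA public keys are expected")
        self.slots = list(root_pubs)
        self._approvals: Dict[Tuple[int, PubKey], Set[int]] = {}

    def handle_intro(self, msg: IntroEMM) -> str:
        if msg.signer_slot not in (0, 1, 2) or msg.target_slot not in (0, 1, 2):
            return "rejected"
        if msg.signer_slot == msg.target_slot:
            return "rejected"  # the key being replaced gets no say in its replacement
        body = intro_body(msg.target_slot, msg.new_pub)
        if not seal_matches(self.slots[msg.signer_slot], body, msg.sealed):
            return "rejected"
        voters = self._approvals.setdefault((msg.target_slot, msg.new_pub), set())
        voters.add(msg.signer_slot)  # a set, so a repeated message adds nothing
        if len(voters) < 2:
            return "pending"
        self.slots[msg.target_slot] = msg.new_pub
        self._approvals.clear()  # the key set changed; drop stale approvals
        return "replaced"


def demo() -> Tuple[List[str], bool]:
    roots = [toy_keypair(127, 89), toy_keypair(127, 107), toy_keypair(107, 89)]
    operator_pub, _ = toy_keypair(127, 61)
    other_pub, _ = toy_keypair(107, 61)
    se = SecureElement([pub for pub, _ in roots])
    outcomes = [
        se.handle_intro(make_intro(0, roots[0][1], 2, operator_pub)),  # first approval
        se.handle_intro(make_intro(0, roots[0][1], 2, operator_pub)),  # same signer again
        se.handle_intro(make_intro(1, roots[2][1], 2, operator_pub)),  # wrong key for slot 1
        se.handle_intro(make_intro(1, roots[1][1], 2, other_pub)),     # different proposal
        se.handle_intro(make_intro(1, roots[1][1], 2, operator_pub)),  # second approval
        se.handle_intro(make_intro(2, roots[2][1], 0, other_pub)),     # old slot-2 key is gone
    ]
    return outcomes, se.slots[2] == operator_pub


if __name__ == "__main__":
    print(demo())
```

Because each approval is bound to both the target slot and the exact key, two Root CAAs that sign for different operator keys never add up to a replacement.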

The Detailed Description of a Preferred Embodiment set forth above is to be regarded as
exemplary and not restrictive, and the breadth of the invention disclosed herein is to be
determined from the claims as interpreted with the full breadth permitted by the patent
laws.

1. A secure element for use in a receiver that receives messages addressed to the
receiver, the messages having an encrypted content and being sent on behalf of an entity
that determines whether the receiver has access to instances of services received in the
receiver, the secure element comprising:

non-volatile memory wherein is stored a public key-private key pair for the
receiver and a public key for the entity;

processing apparatus coupled to the non-volatile memory, the processing
apparatus including apparatus for decrypting and authenticating the messages and for
decrypting and authenticating receiving the message content and using the private key for
the receiver to decrypt the message content and the public key for the entity to determine
whether the message content is authentic, the processing apparatus not responding to the
message content unless the message is authentic.

2. The secure element of claim 1, wherein:

the entity is a conditional access authority that authorizes an entitlement agent to
grant an entitlement to the receiver to access at least one of the instances;

the message is a first message whose content includes a specifier for the
entitlement agent which is being authorized; and

when the message is authentic, the processing apparatus responds to the message
by storing the specifier in the non-volatile memory.

3. The secure element of claim 3, wherein:

the message is a second message whose content includes a public key for the
entitlement agent; and

when the message is authentic, the processing apparatus responds to the second
message by storing the public key for the entitlement agent in the non-volatile memory.

4. The secure element of claim 2, wherein:

the message is a third message having content that includes limitations on the
number and/or kinds of entitlements granted by the entitlement agent; and

when the message is authentic, the processing apparatus responds to the third
message by storing the limitations in the non-volatile memory.

5. The secure element of claim 2, wherein:

the non-volatile memory is divided into cells;

the message is a fourth message whose content specifies a number of cells; and

when the message is authentic, the processing apparatus responds thereto by
allocating the specific number of cells to the entitlement agent.

6. The secure element of claim 5, wherein:

the content of the fourth message further specifies names for the cells specified
therein; and

when the message is authentic, the processing apparatus responds thereto by
allocating the specified number of cells to the entitlement agent by name.

7. The secure element of claim 5, wherein:

when the content of the fourth message is authentic and specifies no cells, the
processing apparatus responds thereto by deallocating all cells belonging to the
entitlement agent and removing the entitlement agent's specifier from the non-volatile
memory.

8. The secure element of claim 2, wherein:

the message is a fifth message whose content specifies removal of the entitlement
agent from the secure element; and

when the content of the fifth message is authentic, the processing apparatus
responds thereto by removing the entitlement agent's specifier from the non-volatile
memory.

9. The secure element of claim 3, wherein:

the entity is the entitlement agent; and

the message is a sixth message that specifies the entitlement agent and whose
content controls access to services received in the receiver on behalf of the entitlement
agent.

10. The secure element of claim 1, wherein:

the entity is an entitlement agent that grants an entitlement to the receiver to
access at least one of the instances; and

the message is a seventh message which specifies the entitlement agent and whose
content controls access to services received in the receiver on behalf of the entitlement
agent.

11. The secure element of claim 10, wherein:

the instance of the service is encrypted;

the content of the seventh message further includes a long-term key used in
decrypting the instance of the service; and

when the message is authentic, the processing responds to the message by storing
the long-term key in association with the entitlement agent.

12. The secure element of claim 11, wherein:

the receiver further receives a global broadcast message that is sent on behalf of
the entitlement agent but not addressed to any particular receiver;

the global broadcast message includes a global broadcast message content and a
digest made from the global broadcast message content and the long-term key; and

the apparatus for decrypting and authenticating authenticates the global broadcast
message by making a new digest from the contents and the long-term key stored in the
secure element and comparing the new digest with the digest.

13. The secure element of claim 11, wherein:

the receiver further receives a global broadcast message together with the
encrypted instance of the service, the global broadcast message including an entitlement
agent specifier for the entitlement agent and an encrypted short-term key derivation value
from which a short-term key for decrypting the encrypted instance may be derived;

the receiver provides the entitlement agent specifier agent and the short-term key
derivation value to the secure element; and

the processing apparatus responds thereto by using the entitlement agent specifier
to locate the long-term key associated with the entitlement agent and using the long-term
key with the apparatus for decrypting and authenticating to decrypt the short-term key
derivation value, deriving the short-term key therefrom, and providing the short-term key
to the receiver.

14. The secure element of claim 13, wherein:

the global broadcast message further includes an authentication value for
authenticating the global broadcast message; and

the receiver further provides the authentication value to the secure element; and
the processing responds thereto by using the authentication value with the apparatus for
decrypting and authenticating to authenticate the global broadcast message.

15. The secure element of claim 13, wherein:

the authentication value is a digest made from the contents and the long-term key;
and

the apparatus for decrypting and authenticating authenticates the global broadcast
message by making a new digest from the contents and the long-term key stored in the
secure element and comparing the new digest with the digest.




WO 99/07150 PCT/US98/16145

16. The secure element of claim 10, wherein: 

the seventh message further contains an entitlement identifier that identifies an 
entitlement to an instance of a service provided by the entitlement agent; and 

when the message is authentic, the processing apparatus responds to the message 
by storing the entitlement identifier in the memory in association with the entitlement 
agent. 

17. The secure element of claim 16, wherein:

the seventh message further contains entitlement information that further describes
the entitlement; and

when the message is authentic, the processing apparatus responds to the message
by storing the entitlement information in the memory in association with the entitlement
agent.

18. The secure element of claim 17, wherein:

the entitlement information further contains information indicating that the
entitlement is to be deleted; and

when the message is authentic, the processing apparatus responds to the message
by deleting the entitlement information from the memory.

19. The secure element of claim 17, wherein:

the receiver further receives a global broadcast message together with the instance
of the service, the global broadcast message including an entitlement agent specifier for
the entitlement agent and an entitlement identifier;

the receiver provides the entitlement agent specifier agent and entitlement
identifier to the secure element; and

the processing apparatus responds thereto by using the entitlement agent specifier
to locate the entitlement identifier in the memory, the processing apparatus enabling
access to the instance only if there is an entitlement identifier associated with the
entitlement agent specifier that matches the entitlement identifier in the global broadcast
message.

20. The secure element of claim 17, wherein:

the instance is encrypted with a short-term key;

the memory contains a long-term key that is associated with the entitlement agent
and with a long-term key identifier;

the global broadcast message further includes a key identifier and an encrypted
short-term key derivation value;

the receiver further provides the key identifier and the short-term key derivation
value to the secure element; and

the processing apparatus further responds thereto by using the entitlement agent
specifier and the long-term key identifier to locate the long-term key, using the long-term
key and the short-term key derivation value with the apparatus for decrypting and
authenticating to obtain the short-term key, the processing apparatus providing the key to
the receiver only if the entitlement identifier in the global broadcast message matches the
entitlement identifier associated with the entitlement agent in the memory.

21. The secure element of claim 1, wherein:

the message includes a digest of the unencrypted message content that has been
encrypted with the private key corresponding to the public key for the entity;

the apparatus for decrypting and authenticating includes digest m

and

the apparatus for decrypting and authenticating determines whether the message is
authentic by decrypting the digest in the message and making a new digest from the
decrypted message content, the message content being authentic only if the digest and the
new digest are the same.

22. A secure element for use in a receiver that receives a global broadcast message
sent on behalf of an entitlement agent, the global broadcast message including
authentication information produced using a secret shared between the entitlement agent
and the receiver, the secure element comprising:

non-volatile memory wherein is stored the shared secret; and

processing apparatus coupled to the non-volatile memory, the
apparatus including authentication apparatus for authenticating the message; wherein the
processing apparatus receives the authentication information, uses the authentication
apparatus and the authentication information to authenticate the message, and provides an
indication of validity of the global broadcast message to the receiver only if the message
is authentic.

23. The secure element of claim 22, wherein:

there are a plurality of the entitlement agents;

the global broadcast message further includes a specifier for the entitlement agent
of the plurality on whose behalf the message is being sent;

there is further stored in the non-volatile memory at least one stored specifier for at
least one of the plurality of entitlement agents; and

the processing apparatus further receives the specifier for the entitlement agent
from the global broadcast message and provides the indication of validity only if the
specifier for the entitlement agent matches the stored specifier.

24. The secure element of claim 23, wherein:

the receiver receives an instance of a service on behalf of an entitlement agent of
the plurality thereof;

the global broadcast message is a first global broadcast message that accompanies
the instance and further includes an entitlement identifier indicating entitlement to the
instance;

there is further stored in the non-volatile memory at least one stored entitlement
identifier for at least one of a plurality of instances of a service; and

the processing apparatus further receives the entitlement identifier from the first
global broadcast message and provides the indication of validity only if the entitlement
identifier matches the stored entitlement identifier.

25. The secure element of claim 24, wherein:

the instance of the service is encrypted using a short-term key;

the first global broadcast message further includes a key derivation value;

there is further stored in the non-volatile memory a long-term key associated with
the entitlement agent;

the processing apparatus further receives the key derivation value, uses the long-
term key together with the key derivation value to obtain the short-term key and provides
the short-term key to the receiver to use in decrypting the instance of the service if the
global broadcast message is valid.

26. The secure element of claim 25, wherein:

there are a plurality of long-term keys associated with the entitlement agent and
stored in the non-volatile memory, each of the long-term keys being associated with a
stored key identifier that is stored in the non-volatile memory;

the first global broadcast message further includes a key identifier identifying a
long-term key; and

the processing apparatus further receives the key identifier and uses the long-term
key associated with a stored key identifier that matches the key identifier to obtain the
short-term key.

27. The secure element of claim 25, wherein:

the key derivation value has been encrypted using the long-term key;

the processing apparatus further includes decrypti^

the processing apparatus uses the long-term key and the decryption apparatus to
decrypt the key derivation value.

28. The secure element of claim 25, wherein:

the shared secret is the long-term key;

the authentication information is a digest made using contents of the first global
broadcast message and the shared secret; and

the authentication apparatus authenticates the message by making a new digest
using the contents wth comparing the new digest with the digest.
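
The validation sequence of claims 22 through 28 can be followed in code. The sketch below is an added example, not part of the patent text: HMAC-SHA-256 stands in for the digest and key-derivation functions that the claims leave unspecified, and the message layout, field names and `headend_message` helper are assumptions.

```python
import hashlib
import hmac

def _prf(key, label, data):
    # Assumption: HMAC-SHA-256 with a domain-separation label; the claims name no algorithm.
    return hmac.new(key, label + data, hashlib.sha256).digest()

def keyed_digest(long_term_key, msg):
    """Digest over the message contents and the shared secret (claim 28)."""
    header = "|".join(str(msg[f]) for f in ("agent", "key_id", "entitlement_id"))
    return _prf(long_term_key, b"auth|", header.encode() + b"|" + msg["kdv"])

def headend_message(agent, key_id, long_term_key, entitlement_id, kdv):
    """Hypothetical sender side: build a first global broadcast message."""
    msg = {"agent": agent, "key_id": key_id,
           "entitlement_id": entitlement_id, "kdv": kdv}
    msg["digest"] = keyed_digest(long_term_key, msg)
    return msg

class SecureElement:
    def __init__(self):
        # Non-volatile memory: agent specifier -> long-term keys and entitlement ids.
        self._nvm = {}

    def provision(self, agent, key_id, long_term_key, entitlement_ids):
        record = self._nvm.setdefault(agent, {"keys": {}, "entitlements": set()})
        record["keys"][key_id] = long_term_key
        record["entitlements"].update(entitlement_ids)

    def process(self, msg):
        """Return the short-term key if the message is valid, otherwise None."""
        record = self._nvm.get(msg["agent"])            # claim 23: known agent
        if record is None:
            return None
        key = record["keys"].get(msg["key_id"])         # claim 26: select key by id
        if key is None:
            return None
        if not hmac.compare_digest(keyed_digest(key, msg), msg["digest"]):
            return None                                 # claims 22, 28: not authentic
        if msg["entitlement_id"] not in record["entitlements"]:
            return None                                 # claim 24: not entitled
        return _prf(key, b"stk|", msg["kdv"])[:16]      # claim 25: derive short-term key

def demo():
    """Constructed sample data: agent 7 holds key id 1 and entitlement 42."""
    se = SecureElement()
    se.provision(7, 1, b"constructed-long-term-key", {42})
    good = headend_message(7, 1, b"constructed-long-term-key", 42, b"\x01" * 8)
    forged = dict(good, entitlement_id=43)   # field altered after the digest was made
    return se.process(good), se.process(forged)
```

The key is released only after every check passes, so the receiver never holds a short-term key for a message that failed authentication or named an entitlement the element does not store.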

29. - : ; T^ - ; • : <; ; : ..o . 

30 , the global broadcast message is:^r$e^ 

accompanies the instance and further includes a purchasable entitlement identifier that
identifies an entitlement to the instance which a user of the receiver may purchase;

the receiver responds to the second global broadcast message by interacting with
the user to indicate purchasability of the instance and to an indication of purchasability
from the user by providing the purchasable entitlement identifier to the secure element;
and

the processing apparatus responds thereto by storing the purchasable entitlement
identifier in the memory in association with the entitlement agent, the processing
apparatus further using the purchasable entitlement identifier in the same fashion as the
entitlement identifier to determine validity of the first global broadcast message.

30. The secure element of claim 29, wherein:

the receiver further sends a message addressed to the entitlement agent;

the message has contents that include at least an encryption of the purchasable
entitlement identifier, a key for decrypting the encryption, and an encrypted digest of the
contents;

the memory further includes a public key for the entitlement agent and private key
for the receiver;

the processing apparatus further includes encryption apparatus; and

the processing apparatus receives the contents, provides a further key for
decrypting the encryption, uses the encryption apparatus and the further key to encrypt the
encryption, uses the public key for the entitlement agent and the encryption apparatus to
encrypt the further key, makes the digest of the contents, and uses the private key and the
encryption apparatus to encrypt the digest.

31. A secure element for use in a receiver that has access to instances of services as
determined by an entitlement agent, the receiver sending messages to the entitlement
agent and the secure element comprising:

non-volatile memory wherein is stored a public key-pn^
receiver and a public key for the entitlement agent;

processing apparatus coupled to the non-volatile memory, the processing
apparatus including apparatus for encrypting, the apparatus for encrypting responding to
content of a given message by making a digest of the content and encrypting the digest
using the private key for the receiver, encrypting the content with a further key,
encrypting the further key with a public key for the entitlement agent, and returning the
encrypted content, the encrypted digest, and the encrypted further key to the receiver for
inclusion in the message.

32. The secure element of claim 31, wherein:

the secure element is implemented in a module which is separate from the
remainder of the receiver and is consumer-installable in the receiver.

33. A service origination component included in a cable television system for securely
transmitting to a service reception component, the service origination component
comprising:

a transaction encryption device for storing a private key for an entitlement agent
that is included in the cable television system for transmitting instances of service to the
service reception component; and

a controller securely linked to the transaction encryption device for encrypting
information using the private key for subsequent transmission to the service reception
component.

34. The service origination component of claim 33, wherein the service origination
component comprises cable television head end equipment.

35. The service origination component of claim 33, further comprising:

a processor coupled to the transaction encryption device for processing data using
a secure hash function to generate the information.

36. The service origination component of claim 33, further comprising:

the entitlement agent coupled to the controller for generating an instance of
service;

a random number generator for generating a multi-session key (MSK);

a processor coupled to the random number and the controller for hashing
the instance of service and the MSK in a secure one-way hash to generate a digest that is
included as a part of the information.

37. The service origination component of claim 36, further comprising:

an encryptor coupled to the controller for further encrypting the information using
a public key associated with the service reception component prior to transmission of the
information.

38. The service origination component of claim 36, further comprising:

a message generator coupled to the processor for generating an entitlement
management message including the digest, wherein the entitlement management message
is encrypted by the processor using the private key to generate the information that is
transmitted to the service reception component.

39. The service origination component of claim 38, wherein the entitlement
management message is further encrypted using a public key of the service reception
component.



40. The service origination component of claim 33, further comprising:

conditional access authority establishment apparatus for establishing a conditional
access authority.

41. The service origination component of claim 40, wherein:

the transaction encryption device further stores a private key of the conditional
access authority.

42. The service origination component of claim 41, further comprising:

a message generator for generating a message comprising a public key of the
entitlement agent;

an encryptor coupled to the message generator for encrypting the message using
the private key of the conditional access authority; and

a transmitter coupled to the encryptor for transmitting the message to the service
reception component that is intended to receive the instances of service from the
entitlement agent.

43. A cable television system for providing secure transmissions, the cable television
system comprising:

an entitlement agent for generating instances of service;

a service origination component including:

a transaction encryption device for storing a private key for the entitlement
agent; and

a controller securely linked to the transaction encryption device for encrypting
information using the private key for subsequent transmission; and

a service reception component for receiving the information and for decrypting the
information using a public key of the entitlement agent.

44. The cable television system of claim 43, wherein the service origination component 
comprises cable television head end equipment. 

45. The cable television system of claim 43, further comprising a transmission medium
coupled between the service origination component and the service reception component. 

46. The cable television system of claim 43, wherein the service reception component 
comprises a cable television set top terminal. 

47. The cable television system of claim 43, wherein the service origination component
further comprises:

a random number generator for generating a multi-session key (MSK);

a processor coupled to the random number generator and the controller for hashing
an instance of service and the MSK in a secure one-way hash to generate a digest that is
included as a part of the information.






PCT/US98/16145

WO 99/07150 

48. The cable television system of claim 47, wherein the service origination component 
further comprises: 

a message generator coupled to the processor for generating an entitlement
management message including the digest, wherein the entitlement management message 
is encrypted by the processor using the private key to generate the information that is 
transmitted to the service reception component. 

49. The cable television system of claim 48, wherein the entitlement management 
message including the digest is further encrypted using a public key of the service 
reception component. 

50. The cable television system of claim 43, further comprising:

conditional access authority establishment apparatus for establishing a conditional
access authority.

51. The cable television system of claim 50, wherein the transaction encryption device
of the service origination component further stores a private key of the conditional access
authority.

52. The cable television system of claim 51, wherein the service origination component
further comprises:

a message generator for generating a message comprising a public key of the
entitlement agent;

an encryptor coupled to the message generator for encrypting the message using the
private key of the conditional access authority and a public key of the service reception
component; and

a transmitter coupled to the encryptor for transmitting the message to the service
reception component that is intended to receive the instances of service from the
entitlement agent.